Automate Candidate's Certificate Generation
This is a follow up from the Secure Signed Image guide on using signed image as building block for certificate.
In this guide, we will explore one of the techniques to automate the generation of signed URL.

Requirements

You will need,
  1. 1.
    AWS account to access AWS Lambda
  2. 2.
    Airtable account
  3. 3.
    Integromat account
  4. 4.
    A working template to generate secure signed image. Please check the previous guide linked above.
To be pedantic, this part involves a very small amount of code. So, maybe it's low-code rather than no-code. Either way, it is pretty straight forward to follow.

Guides

Deploying AWS Lambda Function

This is the part where very small amount of code is involved. So we will do this first.

Creating Lambda Function

  1. 1.
    Create a new lambda function named secure_signed_image.
  2. 2.
    Paste the following modified code. In this example, the modification is similar to what we had from the previous tutorial. It is modified to work with AWS lambda function.
1
import json
2
import hmac
3
import hashlib
4
import base64
5
6
def base64_encode(string):
7
"""
8
Removes any `=` used as padding from the encoded string.
9
"""
10
encoded = base64.b64encode(string.encode())
11
encoded = encoded.rstrip(b'=')
12
return encoded
13
14
def generate_url(candidate):
15
user_id = ""
16
secret_key = ""
17
base_id = ""
18
19
modifications = [
20
{ "name": "text_candidate", "text": candidate }
21
]
22
23
# ensure no spaces in json output
24
encoded = json.dumps(modifications, separators=(',', ':'))
25
encoded = base64_encode(encoded).decode()
26
27
parameters = "{user_id}+{base_id}+{modifications}".format(user_id=user_id, base_id=base_id, modifications=encoded)
28
29
signature = hmac.new(secret_key.encode(), parameters.encode(), hashlib.sha256).hexdigest()
30
31
url = "https://images.usestencil.com/signed-images/{user_id}/{base_id}.png?modifications={modifications}&s={signature}".format(
32
base_id=base_id,
33
user_id=user_id,
34
modifications=encoded,
35
signature=signature
36
)
37
38
return url
39
40
41
def lambda_handler(event, context):
42
# we read the name from the query string
43
# i.e. https://xxx.amazonaws.com/default/secure_signed_image?name=David
44
candidate = event["queryStringParameters"]["name"]
45
46
url = generate_url(candidate)
47
resp = {
48
"url": url
49
}
50
51
return {
52
'statusCode': 200,
53
'body': json.dumps(resp)
54
}
55
Copied!

Creating HTTP trigger

We need to set up HTTP trigger so we can call the URL publicly and execute our lambda function. One additional step we need to take care of is to ensure our trigger is proxied to our lambda so we can capture the query string properly.

Video Guide

The following video shows the setup one-by-one.

Setting up Airtable for automation

We will get our candidates' name from table in Airtable. Airtable needs to be set in certain ways to allow for Integromat automation.
Generated signed URL will be populated into Signed URL column
For this example, we create 3 columns in which 2 columns are text and the last column (Last Modified) is a special Airtable column that tracks the last modified time. For this particular column, we only set the last modified time when the Name column is updated.
See the video for the process

Automate image generation with Airtable and Integromat

Now that we have launched our function to AWS Lambda and Airtable ready for integration, we can call the lambda function anytime to get back the signed URL.
This is how the modules are setup
The workflow basically works like this,
  1. 1.
    Airtable module watches for record update (this is why we need the Last Modified column)
  2. 2.
    Get the value from the Name column and send a GET request to our lambda function with the name as a query string parameter. We also URL encode it.
  3. 3.
    Once we get back the URL, we update the related record with the generated signed URL.
You can work on similar integration with Google Sheet.