# Automate Candidate's Certificate Generation

{% hint style="success" %}
This is a follow up from the [Secure Signed Image guide](https://docs.usestencil.com/integrations/case-studies/generate-certificate-of-accomplishment) on using signed image as building block for certificate.
{% endhint %}

In this guide, we will explore one of the techniques to automate the generation of signed URL.

## Requirements

You will need,

1. AWS account to access AWS Lambda
2. Airtable account
3. Integromat account
4. A working template to generate secure signed image. Please check the previous guide linked above.

{% hint style="info" %}
To be pedantic, this part involves a very small amount of code. So, maybe it's low-code rather than no-code. Either way, it is pretty straight forward to follow.
{% endhint %}

## Guides

### Deploying AWS Lambda Function

This is the part where very small amount of code is involved. So we will do this first.

#### Creating Lambda Function

1. Create a new lambda function named `secure_signed_image`.
2. Paste the following modified code. In this example, the modification is similar to what we had from the previous tutorial. It is modified to work with AWS lambda function.

```python
import json
import hmac
import hashlib
import base64

def base64_encode(string):
    """
    Removes any `=` used as padding from the encoded string.
    """
    encoded = base64.b64encode(string.encode())
    encoded = encoded.rstrip(b'=')
    return encoded

def generate_url(candidate):
  user_id = ""
  secret_key = ""
  base_id = ""

  modifications = [
    { "name": "text_candidate", "text": candidate }
  ]

  # ensure no spaces in json output
  encoded = json.dumps(modifications, separators=(',', ':'))
  encoded = base64_encode(encoded).decode()

  parameters = "{user_id}+{base_id}+{modifications}".format(user_id=user_id, base_id=base_id, modifications=encoded)

  signature = hmac.new(secret_key.encode(), parameters.encode(), hashlib.sha256).hexdigest()

  url = "https://images.usestencil.com/signed-images/{user_id}/{base_id}.png?modifications={modifications}&s={signature}".format(
      base_id=base_id,
      user_id=user_id,
      modifications=encoded,
      signature=signature
  )
  
  return url


def lambda_handler(event, context):
    # we read the name from the query string
    # i.e. https://xxx.amazonaws.com/default/secure_signed_image?name=David
    candidate = event["queryStringParameters"]["name"]
    
    url = generate_url(candidate)
    resp = {
        "url": url
    }
    
    return {
        'statusCode': 200,
        'body': json.dumps(resp)
    }

```

#### Creating HTTP trigger

We need to set up HTTP trigger so we can call the URL publicly and execute our lambda function. One additional step we need to take care of is to ensure our trigger is proxied to our lambda so we can capture the query string properly.

![](https://1726200576-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MYeUDPAhozAcUAcc2Lr%2F-MfWgxxPjRdjVEiMnOxB%2F-MfWhKUS39N3DUQhvLlg%2Fimage.png?alt=media\&token=de0985d7-f3af-423b-8488-e33e79a95eb4)

#### Video Guide

The following video shows the setup one-by-one.

{% embed url="<https://youtu.be/LXTb_bSCZlQ>" %}

### Setting up Airtable for automation

We will get our candidates' name from table in Airtable. Airtable needs to be set in certain ways to allow for Integromat automation.

![Generated signed URL will be populated into Signed URL column](https://1726200576-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MYeUDPAhozAcUAcc2Lr%2F-MfXSmNFLkuq5qnzxttC%2F-MfXSyuZsPNH0AZsppAD%2Fimage.png?alt=media\&token=bac1a371-b8eb-4c01-b51c-85d049521c3d)

For this example, we create 3 columns in which 2 columns are text and the last column (Last Modified) is a special Airtable column that tracks the last modified time. For this particular column, we only set the last modified time when the Name column is updated.

See the video for the process

{% embed url="<https://youtu.be/1aD1mOqgbCM>" %}

### Automate image generation with Airtable and Integromat

Now that we have launched our function to AWS Lambda and Airtable ready for integration, we can call the lambda function anytime to get back the signed URL.&#x20;

![This is how the modules are setup](https://1726200576-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MYeUDPAhozAcUAcc2Lr%2F-MfXUkpzY5M0XfYNY3GO%2F-MfX_FDad4kXCorB8qSK%2Fimage.png?alt=media\&token=62aade36-8ba3-4dba-be29-0bd77e770a7b)

The workflow basically works like this,

1. Airtable module watches for record update (this is why we need the Last Modified column)
2. Get the value from the Name column and send a GET request to our lambda function with the name as a query string parameter. We also URL encode it.
3. Once we get back the URL, we update the related record with the generated signed URL.

{% embed url="<https://youtu.be/HSZBacQvv8c>" %}

{% hint style="success" %}
You can work on similar integration with Google Sheet.&#x20;
{% endhint %}