We’ve just launched our new Hybrid automation feature at Browserless. Let’s take a look at how it protects user data when working with automations.
No more asking for their login credentials
It’s very common to run scripts that involve someone else’s website. For example, maybe you automate a set of actions in an HR system.
That’s all fine in theory, but logging in presents a challenge.
Unfortunately, we’ve seen a trend for these types of scripts to ask users for their username and password, or even a 2FA code, which are then entered into the system. Doing so is hugely insecure, and is in violation of most site agreements. So how do we work around this?
Bringing users into the automation
We wanted to create an alternative workflow to asking for sensitive data upfront. This new approach could go:
- Launch an automation with Puppeteer
- Start a browser and navigate to the relevant login page
- Live-stream this page to the user
- Let the user enter their details, validate a 2FA or solve a captcha in an iframe
- Carry on with the automation now that it has access to the system
That would create all the benefits of automating a process, without compromising the security of a system.
Introducing hybrid automations with Browserless
With our new hybrid automations, you can create the workflow described above.
It lets you write a normal Puppeteer script, but with events and other APIs you can use to “hook” into these workstreams. Browserless then interacts with the browser at the CDP layer to add custom behavior without us having to mess with the Puppeteer library.
Using Browserless.liveURL
Browserless.liveURL returns a fully-qualified URL that can be loaded into a web browser. The URL doesn’t require a token, so you can share it with users for them to click, type or perform other interactions.
The livestream looks and feels like their normal browser, despite using a headless browser behind the scenes.
User logins are the most popular use for this we’ve heard of, but they’re not the only option. You can use this approach to get the user involved with any type of page interaction, loaded as an iframe within your UI.
Whether you just want to solve a captcha or perform another task, you can set up a screencast to involve the browser.
Reusing the session after login
If you wish to run multiple automations with the logged-in session, you can open multiple pages on the same browser instance so that they share the cookies.
To keep those cookies, sessions and cache, you can specify a workspace directory with the &--user-data-dir flag with a unique identifier on the initial connection.
You can then use this same flag with the identifier of the session you want to use on subsequent browser connections to reuse the cookies, sessions, and cache that were initially stored. This way, your clients won’t have to log in every time you need to reuse their logged-in session.
Keep in mind that the default workspace directory lifetime is 7 days.
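The workflow from "Bringing users into the automation", combined with a per-user workspace directory as described in this section, could look like the sketch below. It is an added example, not Browserless's own code. The endpoint host, the token query parameter, the /tmp prefix, the { liveURL } response shape and the sendToUser callback are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumptions: placeholder endpoint, a `token` query parameter, a /tmp prefix.
const ENDPOINT = 'wss://browserless.example.invalid';

// Stable, unguessable workspace per user. HMAC output is hex only, so a
// hostile user id such as "../x" can never alter the directory path.
function workspaceFor(userId, secret) {
  const mac = crypto.createHmac('sha256', secret).update(String(userId));
  return `/tmp/ws-${mac.digest('hex').slice(0, 32)}`;
}

function endpointFor(userId, { token, secret }) {
  const url = new URL(ENDPOINT);
  url.searchParams.set('token', token);
  url.searchParams.set('--user-data-dir', workspaceFor(userId, secret));
  return url.toString();
}

// `puppeteer` is passed in so the flow can be exercised with a stub.
// `sendToUser` (hypothetical) delivers the link over the user's own
// authenticated channel.
async function hybridLogin(puppeteer, userId, opts, sendToUser) {
  const browser = await puppeteer.connect({
    browserWSEndpoint: endpointFor(userId, opts),
  });
  try {
    const page = await browser.newPage();
    await page.goto(opts.loginUrl);
    const cdp = await page.createCDPSession();
    // Assumed response shape: { liveURL }.
    const { liveURL } = await cdp.send('Browserless.liveURL');
    // The link needs no token, so it is a bearer capability: do not log it.
    await sendToUser(liveURL);
    // The user types into the stream; this script never handles the password.
    await page.waitForSelector(opts.loggedInSelector, {
      timeout: opts.loginTimeoutMs,
    });
    return { browser, page }; // carry on with the automation
  } catch (err) {
    await browser.close(); // do not leave a half-authenticated browser open
    throw err;
  }
}
```

Because the workspace path is derived from the user id with a server-side secret, the same user always reconnects to their own stored session and one user's id cannot be used to compute another user's directory.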
Want to add hybrid functionality to your automations?
Hybrid automations are now available for users on our hosted enterprise plans. They’re the first to utilize this new CDP-based approach, and we’ll be adding more new features to this API to enhance the experience.
If you'd like to try it out for your own automations, then click below to contact our team.
Try Hybrid automations with an enterprise account
Our liveURL API is only available for enterprise users. This comes with other advanced features such as session reconnects and custom deployments up to thousands of concurrencies.
Contact us today if you'd like to test it out for your organization.