LaunchBrightly’s automated screenshot platform runs a set of ephemeral machines in the cloud (AWS), which you might think of as a set of web crawling robots (sometimes also called “bots” or “spiders"). Primarily, the bots allows the automated screenshot platform to:
- Setup: Capture the actions required to securely log into your App (using your demo account), and repeatedly replicate those steps as you identify (in our Cloud Browser) where the product elements you want to screenshot live within your App
- Capture: Repeatedly visit your App to capture up-to-date screenshots of those product elements
However, some parts of your systems (App) may restrict access, or be made unavailable, to robots without the appropriate identification.
Below are two methods that can be used to identify LaunchBrightly’s web crawling robots as verified and friendly, allowing it to visit and interact with your App without being blocked or being restricted from taking certain actions (e.g. logging into your App hundreds of times to take new screenshots of the entire platform)
Whitelisting IP addresses
IP whitelisting is a security measure that involves creating a list of trusted IP addresses that are granted access to a specific system or resource. Only the IP addresses on the whitelist are allowed to connect and or perform certain actions, while all others are blocked.
Using IP whitelisting to give unique rights to certain tools and software provides control over who can interact with your App with those unique rights, while blocking others from having those rights, and allows these tools and software to do things that the App might otherwise not accept. For example, if a tool needs to log into your App hundreds of times to capture new screenshots of the entire platform it could trigger security concerns. However, if you know this tool is trusted and whitelisted, these concerns can be mitigated.
LaunchBrightly uses a single IP address for our servers (which reside on AWS) for whitelisting which follows this pattern:
- 000.000.000.000
Whitelisting of our IP address provides your system with the appropriate identification to validate LaunchBrightly’s web crawling robots are verified and friendly, and therefore allows it to repeatedly visit your App to capture the latest screenshots of your product.
To request a copy of LaunchBrightly’s IP address, email us at: hello@launchbrightly.com
Detecting user agent headers
User agents, often referred to as User Agent strings, are identification strings sent by web browsers or other client applications to servers during HTTP requests. The User Agent string provides information about the client application, including the software, operating system, and version being used, and is how the browser identifies itself to your system (n.b. keeping in mind the automated screenshot platform is simply a machine version replicating a normal human, with a browser, visiting your App).
The following User Agent string can be used to whitelist LaunchBrightly:
Mozilla/5.0 (Compatible; LB Product Screenshots Fetcher;
+http://launchbrightly.com/bot.html)
Please note. Whitelisting IP addresses and User Agent string detection are not mutually exclusive, they can be used individually or in combination with each other to ensure the automated screenshot platform is allowed repeated visits to your App to capture the most up-to-date screenshots of your product.
Authentication to your App (demo account)
By whitelisting LaunchBrightly’s IP addresses and/or detecting the LaunchBrightly User Agent string, you will ensure that the automated screenshot platform is not blocked from repeatedly (i.e. for every screenshot capture) visiting your App to take screenshots of your platform. However, these methods alone will not allow the automated screenshot platform to navigate through the user authentication protocols of your App.
Login and password authentication
You can allow the automated screenshot platform to visit and interact with your App by creating a login profile to record the required steps to securely log into your App (demo account) and replicate the steps a normal human user would take when visiting your App. This allows the automated screenshot platform to repeatedly replicate those steps to capture automated product screenshots.
Authentication token or login link
You can also allow the automated screenshot platform to navigate through authentication protocols of your App by providing a non-expiring login link (URL) for the demo account used with LaunchBrightly, or an authentication token which will be sent in the header of our request under a unique LaunchBrightly key. This allows the screenshot automation platform to visit your web application and take screenshots without having to enter login credentials.
Please note: this does require your web application to accept a new type of token and to grant access accordingly.