So they can link to their own records within my app.
Is there a way to dynamically input the user’s API key into the plugin?
Probably would need the API connector instead, and a header (not shared header) on the call with “private” unchecked so it can be dynamically filled in by the user or a field under the user.
Just make sure privacy rules are in place so another user can’t see their API key field
2 Likes
Seems so obvious now. Thank you so much. Will see if I can get this to work today. Thank you!!!
1 Like
I want to do the same thing, but I’m unsure about making the API key not “private”. As I understand it, non-private API parameters are handled on the browser level and therefore are not secure. Is there a way to do this where the API key (stored as a value on the user and protected with privacy rules) never leaves the server?
1 Like
I suppose you could run the API call in a backend workflow. If they are doing the call and you just need to write to the database then that would work.
If you need values returned to the client’s browser (like to show the response in a custom state or something) you will need to do some workarounds such as calling your own app’s backend workflow through the API connector and letting it return data that way. Bubble doesn’t let you return values yet when you do it internally but hopefully that happens soon
Since private is unchecked I think the key would still show up on server logs though. My question is this key really private? Isn’t the user putting it in themselves so they would know it already? Privacy rules still are in play here where a User would only see their own API key field (assuming you have privacy rules limiting it to just that)
2 Likes
Curious to know more. Still pretty green with back end work flows.
I know there are a few bubble apps that send user response emails to the users airtable without zapier/make.
Not sure if that’s the same as displaying data in the app.