Avoiding replacing API Key of the backend workflows every year

salemmo409 · October 5, 2024, 4:01pm

Hi everyone!

If a client wants to call an API workflow in my app, he has to include an API Key (or token) generated in the header, but this token will be revoked automatically and should be replaced every year.

The problem is that my users use the API key in many different calls, so every year they have to generate a new key and edit their calls to replace the old key. this could be time-consuming and a cause of many errors.

So is there a workaround to avoid replacing the token every year?
Is it practical and secure if I removed the authentication from being in the header and made a body parameter for this?

Jici · October 5, 2024, 4:06pm

What I understand is that you have created your own auth system for API workflow? This is your choice to revoke API key after a year. You can change that… Did you consider Bubble password oauth process instead?

salemmo409 · October 5, 2024, 4:41pm

@Jici
I have made API workflows that users can call from their apps and I implemented the authentication method explained here:

Is there a resource for the “Bubble password oauth process” in the bubble documentation?

Topic		Replies	Views
I want to have application generated API Keys - How do I implement authentication? Questions	6	63	September 9, 2024
Is it possible to send a dynamic key in header of API Workflow? APIs	7	2141	October 11, 2020
How to generate an API Key for users to use it when they call my endpoints? APIs	4	382	May 25, 2024
Create New API Key through API APIs	1	557	March 7, 2019
HOW TO: passwordless authentication in API workflow Showcase	16	3996	December 2, 2017

Avoiding replacing API Key of the backend workflows every year

Related topics