Hi All,
We are exposing a backend workflow publicly as part of an API strategy. Clients will create an account and generate an auth token and access the platform via their own systems.
At the moment I have this auth in the body request but want to have some sort of auth in the header to make it - 1 more secure and 2 seem more legit in the market. Then searching and stopping the workflow if the auth is not found.
We cant use the bubbles generated api tokens as they are accessed app wide and not specific to a workflow (would be nice).
Any ideas?
We have full API documentation created so just looking at this specific detail.
This is intresting , what you want is to include an x-api-key in you header so when your public api is called you compare this x-api-key with client x-api-key in you database.
but the question is , Can we read the headers of API calls in backend i know we can see the headers in log, but can we read it in backend api, I dont know , So looking for more experienced bubble to help us here
@chaddickson83 @Baloshi69 there’s a detect header checkbox in the API endpoint. You can use this to compare with your expected key.
1 Like
we are talking about webhook sir, i dont see one in webhooks , but yes for API connect call there is one
oh yah there this one :
@chaddickson83 this will solve your issue , checked this and then see the Header for you < x-api-key > header
