Forum Documentation Showcase Pricing Learn more

Blockspring custom block API - Authentication

Hi All,

I’m seeking some guidance on how to configure a Blockspring API with the Bubble API Connector.
I have created a custom block in Blockspring that is working as expected, however, I’m not sure what authentication method I should be applying.
I have tried a few different approaches but I keep getting a response that returns hundreds of fields (named 1, 2, 3, 4 etc) and it crashes my browser so something is clearly configured incorrectly.

The block is actually a copy of an existing call available in the Blockspring plug-in (Wikipedia Sub-Categories) simply with the results limit parameter set to a different value. So in theory it should work as expected.

Also, Is there a specific URL that should be called. I tried the Custom URL in the blocks settings but I don’t think that is right.

I can’t find any documentation to help explain this clearly.

Any help would be awesome!

Thanks

1 Like

Great question.

I’m also working to secure a custom block. Out of the gate, I’m not seeing Bubble listed on Blockspring Auth.

I tried putting my Blockspring API (found on profile page in Blockspring ) into the header in the Bubble Connector.

If I use the label “API Key”, I see the following error. If I use “Authentication”, I don’t get an error, and whatever I put as the key value eg. 123 nonsense, doesn’t throw an error, but clearly is not registering with Blockspring

1 Like

Hey kramwe,

So I was able to progress this to the point where it attempts to authorise using oauth2 and redirect back to my page, however Blockspring only serves API requests over https and unless your on the professional plan, your app can only serve over http so it keeps throwing an authorisation error.

Never the less, this looks to be the correct configuration for the API call I’m trying to make.


Once I found the Blockspring-API documentation on github I made the most progress.


Hope that helps

Thanks Lyndon.

The screenshots were very helpful. What URL did you use in to register in Blockspring?

Also, if I re-initialize the API call in bubble, should I be expecting an Auth error if I set up the OAuth incorrectly?

No problems.
I used my dev url (which is http) when registering the app.
So with Oauth, you are likely to find 2 problems.

1: If you follow the steps and set up a log-in button to test the oath redirect, you will likely receive an invalid url error as the url will be http (unless you have https for your app)
2: If you try to re-initialize before successfully completing step 1, you will likely get an Auth error.

This is what has happened to me and I have not found a way around this to properly test my API yet until I decide to upgrade so I can get https. As such, I have put this API on hold for the moment and working on other stuff.

If you do have a https url, I would be interested to hear if you got through step 1.

Good luck.

If anyone else has had success with this problem or sees that I am missing a step that will help overcome this issue, please let us know.

Cheers

Hi,

So, I do have an https account.

Step 1 seems to work. I was able to register my app ( https://myappurl/version-test ) with Blockspring. When I "authorize"d the callback URL and was taken back to my bubble app.

Step 2 however, didn’t throw an error as I’d expect. I copied both the AppID and AppSecret from Blockspring to the plugin and reinitialized. I got the response I was expecting. However, when I made the AppSecret nonsensical eg 12345 I was still able to initialize; I expected to see an auth error.

Where were you seeing the auth error?

@lyndon.apthorpe - Ever consider joining the Bubble-Blockspring Slack group? [email protected]

Hi Lyndon,

Heard back from Paul, the founder of Blockspring, that if your goal is to “secure” your blocks such that others are not able to access/edit/etc… the block code, all you need to do is make the block “public - closed secure”; others won’t be able to access it, unless you give them access ( through Doorkeeper )

The 3rd Party vendor integrations to facebook, linkedin, etc are a way to grab data from those apps and bring them into your block. There is no equivalent Oauth needed to get data from a custom block you’ve set up. In fact, the bubble connector v2 is not using the oauth logic to make POST calls to blockspring.

Hope that helps.

Whitney