I’m building a 3rd party integration plugin that requires a token:
The token is provided in the “initialize” function:
Everything works fine.
HOWEVER, I would have thought that the Town should be “Private”, like this:
But this causes the following error:
Error: An API access token is required
Am I missing something obvious here? Should I need to be able to access a Private API Key in my initialize function?
When you make the keys as the private , its become unavailable at the client-side element.
Whatever you do at the client side , it accessible at the browser so if bubble expose the private keys at the client side, it will also accessible at the client side.
Hope it make sense, do let me know if you are looking for anything else.
Ankur@Nocodetalks
Checkout Bubble Plugin Development Course?
When using code inside the element section, all of the code excepted here is PUBLIC. It is client-side code (if that is not a familiar concept to you, I strongly recommend reading up on that before proceeding any further with the development of your plugin)
What this means is you were attempting to show an private api key to the client side, in other words, to anyone who visits the web page and knows how to click f12 and look at code. This can result in unauthorized access to the api in question by anyone savvy enough to look here.
In the case that this token is not actually private, then you can switch that to public and use it.
Thank you @ankur1 and @jonah.deleseleuc.
I have plenty of experience with API keys and server side actions, but this is the first time I’m using them with an element.
Appreciate the detail provided by you both 
