Are data used in workflows (such as with a “Do search for” ) public or are they safe ?
For the reason I discussed in another forum thread (API connector OAuth2 different dev and prod env) I needed to manually handle the authorisation of external API calls. However I do this by saving the API token (a sensible data) in the database and retreiving it with a “Do search for” in the workflow. Can an malicious user have acces to this information ?
I’m not sure that I could use a privacy rule, because the workflow has to be able to get this data. Maybe, if it is not safe as is, I should move those actions to an API Workflow and set “Ignore privacy rules”.
This is with a simple authentication, but I would very much prefer to use OAuth2 method. Bubble has a native support for OAuth2, but, as I said in my other thread, it does not allow for different dev and prod keys.
The problem is that with my approach I cannot make this object really private cause I need to get it’s value.
But, as this “Do search for” is actually independent of the User or anything else, I can move it to a backend workflow. So, I think (not really sure) that the most secure way would be to pass this this to a backend workflow so I can just pass the other data as parameters and safely access MangopayAuthTokens” in the backend.