This is the type of Token I am referring to…the Access and Refresh Tokens.
If you are referring to the App Client Keys, Secret Keys etc. then this part is applicable
In the Bubble API Connector your keys are stored as text I suppose when setting up different APIs using these various Authentication methods
But any of these parameters are not accessible to anybody except those with access to the app editor, as they are not saved as a Data Type entry or anything like that.
Plus any values you put into the API calls that you label as ‘Private’ like below, these are not accessible from the page as far as I know and should be secure. The only way somebody would have access to these would again be if they had access to your app editor.
Bubble treats these types of values very securely in how they treat them as far as I can tell. In fact, if a template is using the API Connector to setup API calls for use in the template, which for obvious reasons necessitate the use of Private keys and App secret keys etc…these are not possible to transfer to the newly created app from the template…Database values however can be.
Also, if the idea were to keep the APP Client and Secret Keys through webtask, I personally I have no experience with what webtask is or what it can do, but working only in Bubble on the API Connector, it is not possible to get the APP Client or Secret Keys to be used dynamically in most Authentication methods available unless you are doing ‘none or self handled’.