I’ve been having a lot of fun setting up plug and play integrations for my application using custom oauth. However I’ve been getting requests from users whether they can setup their own integrations from their own applications (both POST and GET calls). I’m wondering what is the best way to do this? I don’t want to store API keys for their applications in the DB and I don’t want to provide my bubble API key (for obvious reasons). Wondering how any of you have got around this?
@deeknee you could build a encryption as intermediary.
So the key is not stored on your site but the encrypted key is. And when you need to use it, decodes and plugs straight into the call.
A bit complex, but check here: encryption - How to store private encrypted user data in the database, but make them available to other chosen users? - Stack Overflow
@dfahimifar there are some plugins to encrypt for free ( Encrypt & Decrypt Text Plugin | Bubble ).
A simple version would be,
have an input that before you save it to DB you use the encrypt action.
So you have the value “hidden”, inside the database and the only way to access it is using the same type of Encryption to decrypt it.
When you need to use the API call, you fetch the value, apply the decrypt action and get the same value as the user input.
Please check more about encryption because if it’s handled wrong, you can lose all the data!!
Same encryption method must be used to encrypt and decrypt. Also investigate the different types (asymmetrical and symmetrical) to see which can fit best to your needs.
This plugin has a small instruction as well
Move your API calls into the plugin and use the “secret” type to hide the keys.
Looking for a Bubble Coach? Check out here