How to make api call with private data in a better way?

Hey guys!
I hope they’re all right.

I’m making this post much more with the intention of understanding if it’s the best way to proceed with an API call than a problem itself.

Let’s go.
If, for example, I have an API call like the image below, where the header contains a secret key, and that key is a per-user unique key stored privately in the database for other users, what would be the best way to make this call?

I can’t perform a regular workflow because the key is secret.

  • Think that in a payment process the key would belong to the merchant, and the customer should not be able to see this key.

But I also can’t just schedule an action on the backend because I need the API return right away.

  • It would even work, but it wouldn’t be able to process in a simple way if the payment was made successfully, for example.

The way I found seems to be the most viable, but the most expensive.

  1. First I create a Workflow API on the backend;

  2. Second, I create the action that will populate the database;

  3. Third, I create an API callback, this will allow me to see what happens in realtime;

  4. Fourth, I create an API call to the Bubble endpoint that will perform this action;

  5. Finally, in the regular workflow, I just create an action for the API I just created by connecting to the end of the Bubble and everything works.
    During this call, I would pass the merchant’s account for the payment to be made and in the backend the field containing the secret key of the original call would be ignored.

As you can imagine, we have a problem with this method, as now we would be making two API calls, since we would be accessing the Bubble terminal, so only the original call could be made there, which will cost me a few more Workunits.

Finally, I ask, is there a smarter way to perform these actions? Going back to basics, the only thing I need is to be able to make my API calls to the banking service I’m using with each merchant’s secret key.

(Sorry for the bad english, and I hope I was clear) :grin: