Hey all,
I’m calling the Jira Software API which requires Basic Auth (Username and Password, the password is an API key that the user generates in Jira).
I managed to get it working which is great, however I’m unsure if the way I’m doing it is secure and wondered if anyone could give a few pointers on the following:
-
I’m storing the users API key as a field in the User data type. I’ve got a privacy rule setup so that only the current user can view it. Is that secure enough?
-
I’ve created a repeating group for showing the results from the Jira API. I’m passing in the current users email, api key and jira url via the Repeating Group data source (see screenshot). Is this good practice? The user would have a settings portal where they can maintain those values.
- In the API connector I’ve set variables in the endpoint url where I pass in the url, username (email), and password (api key). In order to set them dynamically based on the current logged in user I’ve had to uncheck Private. Should that concern me?
Any help or suggestions very welcome.
Thanks
Dan