I want to have application-generated API Keys, so that users can generate new keys and discard old ones.
Is there a way for me to make Bubble’s authorization look up my keys, or should I just say that my APIs can be accessed without authentication and validate everything myself? Any hints from anyone who’s done this before?
Bubble provides keys natively. To access them, you’ll create a login action in a backend workflow, and then call your own backend workflow via the API Connector.
Subsequently, to discard old ones and renew, you’ll use the “log out of all sessions” action, and do another login action in a separate backend workflow and call this via the API Connector.
When you check “stay logged in”, the key is good for 1 year. If not, it is only good for 24 hours.
Having an API Key database is how OpenAI, for example, and tons of other such service companies, handle this sort of thing. In fact, it is precisely how Bubble handles it, as well. You go into your Bubble studio and ask it to create a key and give it a name. How is that any different?
When your main goal is providing an API, having a key that is tied to an actual user login is not a good idea.
I am curious about what you mean by “having to keep such a database public”? It must be verifiable by a workflow, but the table does not have to be public. My application doesn’t expose its data API, only API workflows.
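
The key-table approach discussed in this thread, as an added Python sketch that is not part of the original posts and is not Bubble code: named keys are issued per user, checked by the API workflow against a private table, and revoked individually. The `ak_` prefix, the in-memory `KEY_TABLE` and all function names are assumptions, and storing only a hash of each key is a hardening choice added here.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stand-in for a private key table (hypothetical schema).
# key_id -> {"owner", "name", "digest", "revoked"}
KEY_TABLE = {}

def _digest(secret: str) -> str:
    # The secret is 32 random bytes, so a plain SHA-256 digest is enough;
    # a slow password hash is only needed for low-entropy secrets.
    return hashlib.sha256(secret.encode()).hexdigest()

def create_key(owner: str, name: str) -> str:
    """Issue a named key. The full key is returned once and never stored."""
    key_id = secrets.token_hex(8)        # public lookup handle
    secret = secrets.token_urlsafe(32)   # the part that must stay private
    KEY_TABLE[key_id] = {"owner": owner, "name": name,
                         "digest": _digest(secret), "revoked": False}
    return f"ak_{key_id}.{secret}"

def revoke_key(key_id: str) -> bool:
    """Discard one key without touching the user's login or other keys."""
    row = KEY_TABLE.get(key_id)
    if row is None:
        return False
    row["revoked"] = True
    return True

def verify_key(presented: str):
    """Return the owning user for a valid key, otherwise None."""
    prefix, _, rest = presented.partition("_")
    key_id, sep, secret = rest.partition(".")
    if prefix != "ak" or not sep:
        return None
    row = KEY_TABLE.get(key_id)
    if row is None or row["revoked"]:
        return None
    # Constant-time comparison of the stored and presented digests.
    if not hmac.compare_digest(row["digest"], _digest(secret)):
        return None
    return row["owner"]

if __name__ == "__main__":
    key = create_key("user-1", "ci pipeline")
    print(verify_key(key))               # owner of the key
    revoke_key(key[3:].split(".")[0])
    print(verify_key(key))               # None after revocation
```

Because only the digest is stored, a leaked copy of the table does not reveal usable keys, and revoking one named key leaves the user's session and other keys intact.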