I’m releasing another plugin soon, this time dubbed Security Salamander.
I was building a Fintech app using Plaid Webhooks for one of my clients. One of the very first problems I came across was finding a way to secure my API endpoint to ensure that I am only accepting API Requests from Plaid, and no one else. Since my client is in the world of American politics, there are many bad actors - and so any risk (otherwise insignificant) can become a huge problem.
By far the most common way of securing API endpoints is by using JWT (JSON Web Tokens). In Bubble, there is no way to “work” with JWT, or JWK (JSON Web Keys) which are vital to any JWT integration. The problem is that there are several ways of using JWT, all requiring their own encryption algorithms. For instance, Plaid uses JWT with an encryption algorithm that is completely different from Stripe’s.
My plugin, Security Salamander, will be a bundle of very useful server side actions that will let you use (most) JSON Web Tokens integrations: secure your endpoints, use more complicated API services, such as Stripe’s Pin management (currently incompatible with the API connector).
This plugin will support the most common encryption algorithms for encryption and decrypting JWK, let you create PEM files on the fly and more general actions to perform very common tasks with JSON.
I’ll update this post when I am ready to release. If anyone has any questions, comments or suggestions let me know