Sensitive Information in Custom State

court · May 11, 2021, 12:18am

If one were to store an API token in a custom state. Are these exposed?

lottemint.md · May 11, 2021, 1:13am

Each thing on the client-side is exposed, including the states.

court · May 11, 2021, 2:12am

I thought so, but one of the box.com a plugins I bought demo app was doing that for some reason.

court · May 11, 2021, 2:16am

court · May 15, 2021, 2:27am

Hey @lottemint.md are these params exposed when used in a workflow?

lottemint.md · June 30, 2021, 8:01pm

Pretty late, I guess.

Yeah, they are exposed.
If the current user should not see a token in any case, it might help run these actions in the Backend section. There are cases when a key is a dynamic one, and you need to store it in the database - here, you can configure the key’s visibility in the Database > Privacy section.

Topic		Replies	Views
Data privacy breaching Database	11	492	January 9, 2023
Privacy policy for custom states App Organization	3	669	November 29, 2021
Custom States questions Need help	4	124	April 1, 2024
My API connector calls are publicly exposed APIs	15	533	March 29, 2024
How to hide sensitive data in the debugger in live mode APIs	4	558	May 26, 2023

Sensitive Information in Custom State

Related topics