Several API tokens on same site

Im creating an portal where i want to connect to the same API endpoint, but with different API tokens.

I have created an “Custom state” called KEY, that i use in all API calls. In this way I’m able to change the “custom state” when i want to use another token for my API call.

Is this a safe way to do it? I can not set the parameter to “private”, because then I’m not able to send tokens per call.

I use Basic Authorization for my calls. And my token is “Base64 encoded”.

Skjermbilde 2021-03-15 kl. 20.58.54|690x194

You can read states, so I wouldn’t put your keys in them.

If you set up another table/thing you can put your keys in records in there, ensure the table is properly permissioned, and use the records at run time in workflows by “do a search for”

Ah. Ok.
Thank you so much for your answer! :slight_smile:

But is the API call is safe like this? As long as i put the key in another table?

I have the key in a table already. But it was just easier to use state when i wanted to do different calls. Today i have a menu where you can choose what “company” you want to connect to. And this changes the state to the actual key.

With your solution, i need to get the key for the table with “do a search for” for each time i want to do an API-call. Right?

Yeah you should be ok.
API calls aren’t done from the browser, they’re done on the bubble servers by API processors of some kind.
Only the results come back to the browser, not the keys.
Do make sure that you secure your keys table appropriately and don’t permission it to being accessible down the data api!