Forum Academy Marketplace Showcase Pricing Features

Storing & Using User API keys

I’m trying to work out best practice for allowing users of my app to connect to their stock-keeping software.

I’m planning to save encrypted api keys on my app database. I’m not quite sure how I would then go about initiating an api call using the key.

Any tips would be appreciated!

Hi, were you able to find a way to do this?

Bubble doesn’t allow “secrets” to be stored under a seperate password (which would be nice, and I asked for years ago) so you don’t have many internal options beyond decrypting it in a workflow step.

There are quite a few external solutions, but none are particularly simple.

I ended up connecting to shopify only, creating an unlisted partner app (let me know if you need any advice on this) and storing access tokens on my database. In the end the functionality was superfluous for my needs…so went no further than that. .

How did you store the access token on the database? Encrypted?

I did but not sure that is much protection really, as you could still run as a given user from the editor?

You’re right - the Run As causes some security implications that are worth diving into depending on the regulatory environment for your app and end user expectations.

A while back, I quickly tested all of the then-available encryption plugins. One thing to be aware of is that some of the plugins I tested actually wrote the unencrypted value to the logs every time it was encrypted or decrypted – eek!

We didn’t end up finding a solution at the time, but were looking into API-based encryption providers before moving on.