Hi,
Very good book! Thank you very much!
I am however with a rather complicated problem and would like an opinion. I originally created this thread Dynamic fields in workflows are secure?
The objective is quite simple : I want to use an external service that I access through API using OAuth2 authentication. The problem is that the service has an production and development environments and it is crucial to differ between them (when using bubble dev, it should use the service’s dev environment). This differentiation is done in two parameters : the endpoint URL and the OAuth2 token (even the endpoint url to the Token generator is different in dev and prod).
Bubble support for OAuth2 is safe, but it does not support different tokens and different urls for dev and prod. So, I was manually getting and managing the tokens in the data base, but this require to use “Do Search for Token-Object”, so it must be searchable by the User and any User would be able to see it. I thought of moving the API call action to a backend workflow, but I need to show the response in the page and there is no simple way to send it back to the front.
Is there any possible secure way to use a data (the token) in an API without the user being able to see it and without using Backend Workflows?