Where to store API Oauth token for maximum security

Hello bubblers,

For my website I’m using a Oauth Token that I have to refresh every 24 hour. I was wondering if my way of handling the token is secure, since I store it in bubble’s database.

Here is my process so far :

  • Run a recurring backend workflow that generates a new Auth token every day
  • Store the token in the database
  • Use the token in the Authorization Header of a repeating group that is visible on my website

Is there anyway that someone could access the token since the datatype ‘token’ has no privacy rules defined ?

I tried defining privacy rules on the ‘token’ type, but then the repeating group’s Data source won’t show to visitors on my website.