API Security

Hi guys, 

just a "small" beginner question: To secure my APIs I can't use the user auth functionality. This is because I am using Adalo as frontend and I am not part of the external user testing and can't send the user's password to Xano.

Is there another way to secure my API? Is it - from a security perspective - also valid to create a system variable as some sort of a password-key that I have to add in the header of my API calls?

I just want to make them as safe as possible before launch - but as I said: Sadly I can't use the user auth part :( 


Thanks in advance. 

Comments

  • Michael Udinski
    Michael Udinski Administrator

    Hi, unless something has changed any Adalo user should be able to get instant access to External Users Beta: https://adalo.typeform.com/to/lvMSAClp

    I'd recommend this if you can so you don't have to go about changing everything later down the road.
  • Mazze
    Mazze Member
    Thanks. I applied again (keep my fingers crossed). Sadly the (relatively complex) app is already ready so starting from scratch will be a pain in the ass^^ But if it's the best and secure option to do I'll do it :) Thanks!
  • Michael Udinski
    Michael Udinski Administrator

     Got it, the other way sounds like a possibility but all the extra legwork required and the inevitability it's scrapped for a user authentication method makes me think to start with user authentication in the first place
  • Mazze
    Mazze Member
     Indeed. Lessons learned for future projects 🙂
  • Michael Udinski
    Michael Udinski Administrator

     If I remember correctly, I think you just go to Settings > Profile > Enable Developer Mode... possibly one more step but that might be all 
  • Mazze
    Mazze Member
     Works. Just about to start to create my app regarding your YouTube tutorial ( https://www.youtube.com/watch?v=pP32aZIJVW0 ).

    Login, Sign Up work fine and I'm receiving an external user with a bearer token. But when trying to access a database I locked with user auth, I'm starting to receive the following error
    [image.png]
    Any ideas here? I recreated a new workspace in Xano, as well as new projects within Adalo several times -> same result and I'm like doing your tutorial step by step. Or is this more a question for the Adalo Team?

    Here are some settings so far:
    [image.png][image.png]
  • Mazze
    Mazze Member
    Ok, took me a while but here is what I needed to do that's different from the video: Next to the Authorization-Header I have to add a Content Type Header before (!) the Auth-Header. Now it works :)

    [image.png]