How to authenticate API for Retool frontend

I have GET and POST API requests going to Retool through an open API which allows users in Retool to see all Xano table records and edit specific ones based on their ID.

I'd like to secure the connection but I'm having issues.

I tried the out-of-the-box Xano functionality for API authentication, but this doesn't work as there's no users table, just a table of data where each row is unique with no user accounts attached.

I then tried creating a preconditional parameter for a customer API key, however, this doesn't feel secure as it appends the key to the API url.

My assumption is that I need to create a custom header and API key for the APIs connected with the table.

If I'm right, how might I do this?

I'm sure there's a better way to do this; however, I'm open to all ideas.

Thanks :)

Comments

  • Ray Deck (Trusted Xano Expert ✭✭✭)
    It kind of depends on what you want to accomplish. Are you looking to have different people have different access? Or just put a layer of security over the top so some enterprising third party doesn't just come in and pretend to be retool for the purpose of accessing the data? 
  • Ray Deck (Trusted Xano Expert ✭✭✭)
    I think I have a solution for you! I saw your comment in another thread that makes me think you just want to add header authentication. That's pretty easy! Just set up your API endpoint to validate the header in the function stack! I made a video showing how this can work: https://www.loom.com/share/048f61b95ae140c0b968deb20f7c94e0
  • Rand (Member)
    Just a layer of security over the top for now, but in the future it might be interesting to give various users of different permission types access to the whole dataset in the table and be able to monitor usage from each of them.
  • Rand (Member)
    This is exactly what I was looking for to secure the data transfer between two tools. It's single-user access at the moment, hence not having a users table. But a future scenario I might want to configure for is one where there's a master dataset of records and I'd like to give different collaborators access to that dataset via APIs and be able to monitor their usage of the API.
  • Ray Deck (Trusted Xano Expert ✭✭✭)
    Awesome! Because you have access and control over these headers, you can absolutely set up multiple API keys etc. that you check, tick the usage meter (maybe by updating a database field), and also calculate whether they are against limits.
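The two pieces of advice in this thread (validate an API key header in the endpoint's function stack, then extend it to several keys with a usage counter and limits) are shown below as an added example in plain Python. It is not code from the thread and not Xano's own function-stack implementation; the `x-api-key` header name, the client names, the keys and the daily limits are all constructed for the example. The key store holds only SHA-256 hashes of the keys, so the table of keys itself is not a usable credential if it leaks, and the comparison is done with `hmac.compare_digest` so response timing does not reveal partial matches. Because the key travels in a header rather than a query parameter, it does not end up in URL-based access logs or browser history the way the precondition-parameter approach in the question would.

```python
import hashlib
import hmac
from dataclasses import dataclass

HEADER_NAME = "x-api-key"  # hypothetical header name chosen for this example


def key_hash(api_key: str) -> str:
    """SHA-256 of the presented key; only this digest is ever stored."""
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()


@dataclass
class ApiClient:
    name: str          # who the key belongs to (Retool, a collaborator, ...)
    daily_limit: int   # how many calls this key may make per day
    used_today: int = 0


def make_store() -> dict:
    """Constructed key store: digest -> client record.

    In a real deployment this would be a database table that the endpoint's
    function stack queries; the plaintext keys below exist only so the example
    can run stand-alone.
    """
    return {
        key_hash("retool-key-AAAA"): ApiClient("retool", daily_limit=1000),
        key_hash("partner-key-BBBB"): ApiClient("partner-1", daily_limit=5),
    }


def authenticate(headers: dict, store: dict):
    """Check the API key header and meter usage.

    Returns (status, detail):
      200 -> key valid and under limit; usage counter incremented
      401 -> header missing or key not recognised
      429 -> key valid but over its daily limit
    """
    # HTTP header names are case-insensitive, so normalise before matching.
    presented = None
    for name, value in headers.items():
        if name.lower() == HEADER_NAME:
            presented = value
            break
    if not presented:
        return 401, "missing API key header"

    presented_digest = key_hash(presented)

    # Walk every stored digest with a constant-time compare and do not break
    # early, so the work done does not depend on which (if any) key matched.
    match = None
    for stored_digest, client in store.items():
        if hmac.compare_digest(presented_digest, stored_digest):
            match = client
    if match is None:
        return 401, "unknown API key"

    # Enforce the per-key limit before counting this call.
    if match.used_today >= match.daily_limit:
        return 429, f"{match.name} over daily limit"

    match.used_today += 1  # "tick the usage meter"
    return 200, match.name


if __name__ == "__main__":
    store = make_store()
    print(authenticate({"X-Api-Key": "retool-key-AAAA"}, store))
    print(authenticate({}, store))
    print(authenticate({"x-api-key": "not-a-real-key"}, store))
```

The same structure maps onto a no-code function stack: read the header, look up its digest in a keys table, reject with 401 if there is no row, reject with 429 if the row's counter is at its limit, otherwise increment the counter and continue to the query that returns the records.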