When/how should we use "API Access on field types"? (public/private/internal)


I'm struggling a bit with this "API Access on field types" option. The doc explains what it does but not how to use it.

The behavior of those 3 choices is counterintuitive.

I'd have expected the "private" to allow the field as an input but not sending back the field value as output. Instead, it blocks it from input and still sends it back as output.

What's the reasoning behind this behavior? I fail to understand the use-case.

In my situation, I have 3 different fields:

  • password: I don't want this field to be returned by the API (by default), and I don't think there is any exception to this. Setting the password will be done by the special `auth` endpoints.
  • airtableId: I don't want this field to be returned by the API (by default), but there will be exceptions where I need to return it. I do want to allow this field as input in many API endpoints, though.
  • authToken: I don't want this field to be returned by the API (by default), but there will be exceptions where I need to return it. I do want to allow this field as input in a few API endpoints, though.

What should be the API Access for each field? Only the password is clear enough to me:

  • password: Internal
  • airtableId:
    • If Public, it's returned by default in all endpoints, which isn't what I want.
    • If Private, it doesn't allow using it as an Endpoint Input by default, and I couldn't enable it on specific endpoints either. Also, it will be returned by default (which isn't what I want).
    • If Protected, it won't be returned by default (which is what I want), but I believe I'll be able to force that on some endpoints (haven't tested this, though).
  • authToken:
    • Same questions as for airtableId.

So, what's the proper reasoning behind those choices?

How should airtableId and authToken be configured in my case?


Best Answer

  • Michael Udinski
    Michael Udinski Administrator


    Hi @Ambroise, API access on fields is applicable for Database Link input types. Database Link takes the exact settings of your database schema and applies them to inputs (these are the default input types for CRUD operations, for example). It's like applying a shortcut setting for all the Database Links you're using (if any).

    What you return in an API response is completely up to you and customizable on each API endpoint. You can control what is returned in your Database Request functions by clicking on Output and customize response. (For example: https://docs.xano.com/working-with-data/functions/database-requests/get-record#output-the-response)

Answers

  • Ambroise
    Ambroise Member

    So, I guess "API Access on field types" should rather be named "API Access on Input fields".

    To answer my question, airtableId and authToken need to be Public, because they must be set as API inputs in some API endpoints.