Authorizing Make.com for http call
Noob here…
I'm primarily using Xano and WeWeb together for my app. Works great. The user auth on API calls works great. There are some automations I'd like to do using Make.com, primarily using a webhook on a button to retrieve data from Xano and send to a 3rd-party PDF app.
How do I go about authorizing the HTTP call in Make that is not user-specific? I'm confused if the Metadata API token is what I need implement for this use. Or is what is described in this thread what I need to do:
Answers
-
Hey @EricP,
I am not sure if I got your question right, but I am going to give it a try.
Since you mention that the API call on Make should not be user-specific, then there is no reason for you to add the authentication method.
In case you have an endpoint on Xano that shouldn't have authentication enabled, and yet it does, you can click here:
then on the sidebar that pops up, disable authentication:
In case you weren't referring in any of those cases, please go ahead and further explain so I can assist you accordingly.
-
I know this won't answer your question, but if you want to make a PDF from Xano's data, maybe you should also consider this snippet and don't use make.com.
-
The reason I'm thinking it needs authentication is that I don't want the endpoint to be public, but maybe I'm thinking about this the wrong way.
The button/page that the webhook would be fired from in WeWeb is accessible only to logged in users.
-
@EricP, I get your point.
You can try calling the auth API with some predefined credentials (for example you can add a user on the table that his only job will be to get an authentication token) in your make.com workflow.
After that, and with that given token, proceed into calling the pdf API.
That way you won't have to worry about the user authentication, and your endpoint will have some privacy (considering the workflow will only be triggered from inside the application).
The most correct way of implementing this would be to send each user's authToken, but that surely requires more time and effort, so in your scenario I would go with the above implementation. -
This is a very cool question. Here's a video I made of how we can easily use long-lived API keys across multiple endpoints and support rotation with very little work:
-
Xano should consider adding a "Revoke Authentication Token" security function to revoke the non-expired authentication tokens created with "Create Authentication Token".
-
Thanks for making that video @Ray Deck , that really does a good job laying out how to configure Xano to authorize another app like Make. Appreciate it!
Categories
- All Categories
- 53 ? Announcements
- 47 ? Releases
- 37 ? Welcome
- 983 ? Help! I'm a Noob
- 125 ? No-Code Front-Ends
- 633 ? Working with APIs
- 439 ? Transforming data
- 126 ? Connect Xano to ...
- 50 ?? Find an Expert
- 348 ❓Other questions
- 35 ? Security
- 22 ✂️ Snippets
- 19 ? Showcase
- 7 ?️ Xano Chatter
- 62 ? Video Tutorials
- 171 ? Request a feature
- 229 ? Report a Bug
- 19 ? Templates & Extensions
- 7 ? Feedback