REST API security - Airtable and Custom Actions

Adding a new aspect to the Security, Privacy, and GDPR discussions:
See also: Security, Encryption, Sustainability & GDPR

Possible API Key havoc?
I just read the following in the Appgyver documentation:

In the context of Airtable integration and custom actions we are using our API keys in the configuration.

@Ben @jeremy I am now wondering, if we have the same risk as described above or is there some middleware/proxy mechanism in place that the API Keys are only stored in a secured server location.

Maybe we just need a Magic Text here:
where we can add e.g. the Bearer string from a collection. This would also enable scenarios with user specific keys in the User collection.

Any thoughts?


Custom action authentication information is stored securely on the backend, so an attacker shouldn’t be able to retrieve this value.


Great. Good to know.

@karimoo and @jeremy : given the thread started on GDPR. I am trying to see how to be GDPR compliant while using Adalo…
I see Airtable is GDPR-compliant. Assuming I use Airtable to store and process all my app users data. Would Adalo then store that data anywhere? I guess the processing via the API would continue but I assume this is secure…?