REST API security - Airtable and Custom Actions

Adding a new aspect to the Security, Privacy, and GDPR discussions:
See also: Security, Encryption, Sustainability & GDPR

Possible API Key havoc?
I just read the following in the Appgyver documentation:

In the context of Airtable integration and custom actions we are using our API keys in the configuration.

@Ben @jeremy I am now wondering whether we have the same risk as described above, or whether there is some middleware/proxy mechanism in place so that the API keys are only stored in a secured server location.

Maybe we just need a Magic Text here:
where we can add e.g. the Bearer string from a collection. This would also enable scenarios with user-specific keys in the User collection.

Any thoughts?

Custom action authentication information is stored securely on the backend, so an attacker shouldn’t be able to retrieve this value.

Great. Good to know.

@karimoo and @jeremy: given the thread started on GDPR, I am trying to see how to be GDPR compliant while using Adalo…
I see Airtable is GDPR-compliant. Assuming I use Airtable to store and process all my app users' data, would Adalo then store that data anywhere? I guess the processing via the API would continue, but I assume this is secure…?