REST API security - Airtable and Custom Actions

Adding a new aspect to the Security, Privacy, and GDPR discussions:
See also: Security, Encryption, Sustainability & GDPR

Possible API Key havoc?
I just read the following in the Appgyver documentation:

In the context of Airtable integration and custom actions we are using our API keys in the configuration.

@Ben @jeremy I am now wondering whether we have the same risk as described above, or whether there is some middleware/proxy mechanism in place so that the API keys are only stored in a secured server location.

Maybe we just need a Magic Text here: [image] where we can add e.g. the Bearer string from a collection. This would also enable scenarios with user-specific keys in the User collection.

Any thoughts?

2 Likes

Custom action authentication information is stored securely on the backend, so an attacker shouldn’t be able to retrieve this value.

4 Likes
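The middleware/proxy pattern asked about in the question, as an added sketch that is not part of the original posts and is not Adalo's implementation: the server builds the Airtable request itself, discards any credential headers the client sent, and attaches the key from its own environment. The environment variable name, the allow-list, `ProxyError`, and the sample base and table are assumptions made for this example.

```python
import os
from urllib.parse import quote

AIRTABLE_API = "https://api.airtable.com/v0"
# Headers a client may never forward to the upstream API.
STRIPPED = {"authorization", "cookie", "host", "x-api-key"}
# Constructed allow-list of (base id, table) pairs this app may reach.
ALLOWED_TABLES = {("appEXAMPLEBASE0001", "Tasks")}
ALLOWED_METHODS = {"GET", "POST", "PATCH"}


class ProxyError(Exception):
    """Hypothetical error type carrying the HTTP status to return."""

    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def build_upstream_request(method, base_id, table, client_headers, api_key=None):
    """Return (method, url, headers) for the server-side call to Airtable."""
    # The key lives only in the server's environment, never in the app bundle.
    api_key = api_key or os.environ.get("AIRTABLE_API_KEY")
    if not api_key:
        raise ProxyError(500, "server has no API key configured")
    if method.upper() not in ALLOWED_METHODS:
        raise ProxyError(405, "method not allowed")
    if (base_id, table) not in ALLOWED_TABLES:
        raise ProxyError(403, "table not allowed")
    # Drop anything credential-like the client sent, then add the real key.
    headers = {k: v for k, v in client_headers.items() if k.lower() not in STRIPPED}
    headers["Authorization"] = f"Bearer {api_key}"
    url = f"{AIRTABLE_API}/{quote(base_id, safe='')}/{quote(table, safe='')}"
    return method.upper(), url, headers


def redact(headers):
    """Copy of the headers that is safe to write to logs."""
    return {k: "Bearer ***" if k.lower() == "authorization" else v
            for k, v in headers.items()}
```

The client only ever talks to the proxy, so the key never appears in the app's configuration or network traffic from the device; `redact` keeps it out of server logs as well.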

Great. Good to know.

@karimoo and @jeremy: given the thread started on GDPR, I am trying to see how to be GDPR compliant while using Adalo…
I see Airtable is GDPR-compliant. Assuming I use Airtable to store and process all my app users' data, would Adalo then store that data anywhere? I guess the processing via the API would continue but I assume this is secure…?