Skip to main content

Hi all,


I am trying to adapt a script from postman where I successfully tested my API call. My issue is that the API secret key needs to be encrypted when I send the request but this requires Crypto-js.


Is there a workaround available in Airtable scripting block to make this work:


var CryptoJS  = require('crypto-js') 

// the Authorization header needs to have this very particular format, which the server uses to validate the request

// the access key is provided for the server to retrieve the API key; the signature is encrypted with the secret key



var hmacString = (method + '\n' + onNonce + '\n' + authDate + '\n' +

    headers.get('Content-Type') + '\n' + path + '\n' + queryString + '\n').toLowerCase();



var signature = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(hmacString, secretKey));

var asign = 'On ' + accessKey + ':HmacSHA256:' + signature;



headers.append('Authorization', asign);

For reference the above code is from here : onshape-clients/postman at master · onshape-public/onshape-clients · GitHub using API keys method ; and so far I get this message {“message”:“Unauthenticated API request”, “status”:401}.


Thanks in advance for any help or pointers for where to look and find doc about this.

Cheers,

Robin

Would it be easier to use a custom app rather than the scripting app? Then you can install node modules directly using npm install, and use import rather than require.

Welcome to the Airtable community!


Airtable scripts must be a single file and cannot require external libraries. One workaround is to find a minified version of the library and copy/paste the entire minified library into your script. Sometimes you can also perform the required encryption outside of the script, and then include only the encrypted result in your script.


However, keep in mind that including credentials (even encrypted) in your script is a security risk – anyone with access to the base will be able to see your API key.

Would it be easier to use a custom app rather than the scripting app? Then you can install node modules directly using npm install, and use import rather than require.


Yes I realise that I wouldn’t have the issue with a custom app but I am fairly beginner at this and an app seems a bit overwhelming.


Thanks !

Welcome to the Airtable community!


Airtable scripts must be a single file and cannot require external libraries. One workaround is to find a minified version of the library and copy/paste the entire minified library into your script. Sometimes you can also perform the required encryption outside of the script, and then include only the encrypted result in your script.


However, keep in mind that including credentials (even encrypted) in your script is a security risk – anyone with access to the base will be able to see your API key.



Thanks for getting back to me ! I like this idea, at least to test my script in the short term.


Cheers, Robin

Yes I realise that I wouldn’t have the issue with a custom app but I am fairly beginner at this and an app seems a bit overwhelming.


Thanks !


yes, fully understand.

Reply


Terms & Conditions