Help

Re: Encryption for API secret key

Solved
Jump to Solution
3398 0
cancel
Showing results for 
Search instead for 
Did you mean: 
Robin_BG
4 - Data Explorer
4 - Data Explorer

Hi all,

I am trying to adapt a script from postman where I successfully tested my API call. My issue is that the API secret key needs to be encrypted when I send the request but this requires Crypto-js.

Is there a workaround available in Airtable scripting block to make this work:

var CryptoJS  = require('crypto-js') 
// the Authorization header needs to have this very particular format, which the server uses to validate the request
// the access key is provided for the server to retrieve the API key; the signature is encrypted with the secret key

var hmacString = (method + '\n' + onNonce + '\n' + authDate + '\n' +
    headers.get('Content-Type') + '\n' + path + '\n' + queryString + '\n').toLowerCase();

var signature = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(hmacString, secretKey));
var asign = 'On ' + accessKey + ':HmacSHA256:' + signature;

headers.append('Authorization', asign);

For reference the above code is from here : onshape-clients/postman at master · onshape-public/onshape-clients · GitHub using API keys method ; and so far I get this message {“message”:“Unauthenticated API request”, “status”:401}.

Thanks in advance for any help or pointers for where to look and find doc about this.
Cheers,
Robin

1 Solution

Accepted Solutions
kuovonne
18 - Pluto
18 - Pluto

Welcome to the Airtable community!

Airtable scripts must be a single file and cannot require external libraries. One workaround is to find a minified version of the library and copy/paste the entire minified library into your script. Sometimes you can also perform the required encryption outside of the script, and then include only the encrypted result in your script.

However, keep in mind that including credentials (even encrypted) in your script is a security risk – anyone with access to the base will be able to see your API key.

See Solution in Thread

5 Replies 5
Steve_Haysom
8 - Airtable Astronomer
8 - Airtable Astronomer

Would it be easier to use a custom app rather than the scripting app? Then you can install node modules directly using npm install, and use import rather than require.

kuovonne
18 - Pluto
18 - Pluto

Welcome to the Airtable community!

Airtable scripts must be a single file and cannot require external libraries. One workaround is to find a minified version of the library and copy/paste the entire minified library into your script. Sometimes you can also perform the required encryption outside of the script, and then include only the encrypted result in your script.

However, keep in mind that including credentials (even encrypted) in your script is a security risk – anyone with access to the base will be able to see your API key.

Yes I realise that I wouldn’t have the issue with a custom app but I am fairly beginner at this and an app seems a bit overwhelming.

Thanks !

Thanks for getting back to me ! I like this idea, at least to test my script in the short term.

Cheers, Robin

yes, fully understand.