Help

Re: Feature Request: Adding user's API key to a `Session`'s `CollaboratorData` properties

1169 0
cancel
Showing results for 
Search instead for 
Did you mean: 
Matthew_Thomas
7 - App Architect
7 - App Architect

I know there has been lots of discussion about Airtable Apps regarding API keys and the best way to store them—I believe the current recommendation is still in globalConfig.

My request is about Airtable’s own API keys in particular. It would be great if a Custom App was able to access the current user’s Airtable API key via a new readonly field in their CollaboratorData. When accessed via the App’s Session, this could really help with customizing the app per user and ensure any API calls they make are tied to their Airtable account.

I don’t think this is currently possible, but I’d be curious to see if others would find this helpful as well?

2 Replies 2
Ben_Orozco
7 - App Architect
7 - App Architect

Same here, we need to explicitly ask the user for their Airtable API key and store it in globalconfig

I don’t think fetching the API key would be the best practice in terms of security.

I believe it would be more appropriate to have an OAuth2 mechanism to make the user explicitly consent the consumption of the API on their behalf

I am using OAuth2 in a separate context to connect with a 3rd party app/API, and I think that functionality would definitely be welcome as well!

For this feature request, I don’t think OAuth2 is necessary though. A Custom App already has access to who is running/accessing the Custom App through the Session (session.currentUser). From the current user, you can access a few properties (name, email, etc.), but not the user’s Airtable API key. That’s what I think would be really helpful to add.

For Airtable-Airtable contexts, I don’t think it’s necessary to explicitly ask the user for their API key. If they try to make a call to another Airtable base (something the Custom App API doesn’t natively support) their key doesn’t have permissions for, the API would return an error and the app could display that.