I’m trying to create a hybrid app that would work like this:
A window inside the designer view would appear;
The user would click a button inside of the window;
An element would be created and a custom code would be added to the page.
My problem - I can’t insert custom code without accessing the Data API.
I am able to get the token ID but how do I resolve it without a global API key? The examples in Webflow’s GitHug have a mysterious APP_TOKEN, which I was unable to find.
I was thinking about creating a database to store the user-id together with the Access Token which I get during the authentication but there’s no way to get the user-id from the designer view to match the Access Token to.
My question: How can I use Data API within the designer?
Hey, we’re actively working on some improvements to the way id tokens are used.
Today, we have a beta API for minting an idToken on the DE that’s verified by your backend
When the user signs in, you create an idToken, read the current siteId and pass that to your backend
Note that the siteId is considered speculative, ie. can be spoofed
You use the siteId to find the appropriate OAuth token cached on your backend
You attempt to call /resolve using the idToken and this OAuth token
If the site id was spoofed, this call will fail
Otherwise, you’ll be able to read basic info about the user and uniquely identify them
Next, you can mint a longer-lived session token and return that back to the DE
From there on out, you have an agreed-upon shared secret between the DE and DC
Improvement coming soon:
We’ll offer a more global credential for calling the /resolve endpoint with just the idToken (ie. you don’t need to do step b and use the speculative siteId)