Authorize without auth screen for a backend

Christian_M1 · March 21, 2024, 2:55pm

Hi,

I am trying to create a server that simply reads a collection from my webflow blog site, and I am trying to get the auth_token without having to do so through the webpage. Is there a way for a backend server to get the auth_token? Or better yet is there a way for my backend to just read the collections that I have?

dmitrypimenov · March 21, 2024, 6:33pm

If you’re building for yourself (ie. a first party use case), you can mint a site-scoped token for direct use.

To create one, go to Site settings > Apps & integrations > API access > “Generate API Token”

Zephyr · May 13, 2024, 8:05pm

@dmitrypimenov I’ve done this but how do I use it with directly including in a script for a given page and exposing API_TOKEN to the public?

For example:

<script type="text/javascript">
const axios = require('axios');
// Wait for the page to load first
window.onload = function() {

    const button = document.getElementById('get_item');

    button.addEventListener('click', function(event) {
        // Get the ID of the clicked element
        const clickedElementId = event.target.id;

        // Display the ID in a popup dialog
        //alert("Clicked element ID: " + clickedElementId);

        // Perform request to the webflow API
        // API Access Token
        const API_TOKEN = 'abc123...';
        const SITE_ID = 'XXXX';
        const COLLECTION_ID = 'YYYY';
        const ITEM_ID = 'ZZZZ';

        // Endpoint for fetching a specific item from a collection
        const endpoint = `https://api.webflow.com/v2/sites/${SITE_ID}/collections/${COLLECTION_ID}/items/${ITEM_ID}/live`;

        // Axios configuration for authorization
        const config = {
            headers: {
                Authorization: `Bearer ${API_TOKEN}`,
            },
        };

        // Make a GET request to fetch the collection item
        axios.get(endpoint, config)
            .then(response => {

                // Log the name and id in the console
                console.log("Name:", response.data.fieldData.name);
                alert("fieldData.name" + response.data.fieldData.name)

            })
            .catch(error => {
                console.error('Error retrieving collection item:', error);
            });
    });
}
</script>

zachplata · May 17, 2024, 3:09pm

Hey @Zephyr - I wouldn’t recommended this because the API_TOKEN could be easily discovered. I would recommend setting up a simple server API endpoint that your front-end script here can call into. This API endpoint can then do the work of hosting the access token in an environment variable, database, etc. There’s some solutions out there that I think you can start deploying to for free to start out with like:

Vercel (i.e., Node (Express) w/ Vercel)
Netlify (i.e., Node (Express) w/ Netlify)

dante · July 10, 2024, 9:02am

Thanks, this actually helped me with problem.

Topic		Replies	Views
Make API only available to me Data API	1	466	February 27, 2023
Local development with the Webflow API Data API	8	5076	September 15, 2018
How to create read only API access Data API	7	2352	July 17, 2018
Which token should I use for GET List Sites? Data API	2	47	February 13, 2025
Designer API doesn't allow file upload nor current auth user for keys generators App Developers	2	410	October 24, 2023

Authorize without auth screen for a backend

Related topics