[Best Practices] How to securely call external APIs from <script>?

Drake_Ballew · October 9, 2023, 5:16pm

Hi everyone,

I am trying to send API calls from a Webflow form’s data to various endpoints. The code currently works, but one of the endpoint URLs and bearer token is exposed.

This seems like a super common task and I’m wondering if there are existing best practices for how to handle this type of situation?

Read-only link.

Thanks in advance!

Drake

webdev · October 9, 2023, 6:35pm

Yes. Use middleware to ensure you are not displaying credentials.

Drake_Ballew · October 9, 2023, 9:51pm

Awesome! When you say middleware, can you be more specific? Do you mean tools like Zapier, Make, Pipedream, etc?

webdev · October 9, 2023, 9:57pm

Those qualify and are low/no-code.

Drake_Ballew · October 9, 2023, 10:01pm

Great - thanks @webdev!