[Best Practices] How to securely call external APIs from <script>?

Hi everyone,

I am trying to send API calls from a Webflow form’s data to various endpoints. The code currently works, but one of the endpoint URLs and bearer token is exposed.

This seems like a super common task and I’m wondering if there are existing best practices for how to handle this type of situation?

Read-only link.

Thanks in advance!

Drake

Yes. Use middleware to ensure you are not displaying credentials.


Awesome! When you say middleware, can you be more specific? Do you mean tools like Zapier, Make, Pipedream, etc?

Those qualify and are low/no-code.

Great - thanks @webdev!


How would you secure the front end added endpoints/webhooks to Make/Zapier though? Wouldn’t anyone be able to grab those and use those just as well?

@SiavashVJ - If you needed to protect a webhook URL you could easily set up a reverse proxy that only allowed a certain referrer to post to a secret endpoint. You could also check for a value before running some steps.

Can you please provide some steps, or any third party
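
One way to build the relay described in this thread, as an added example that is not code from any of the posters: the page posts the form to your own endpoint, which checks the origin/referrer and an expected form value, then forwards to the real API with the bearer token held server-side. The origin, the `form_id` field, the upstream URL, the field names and the `UPSTREAM_TOKEN` variable are all constructed placeholders.

```javascript
// Added example: server-side relay for a public form. The bearer token and the
// real endpoint live only in server config, never in the page's <script>.
const CONFIG = {
  allowedOrigin: "https://example-site.webflow.io", // assumed site origin
  expectedFormId: "contact-v1",                     // assumed "value to check"
  upstreamUrl: "https://api.example.invalid/leads", // placeholder secret endpoint
  bearerToken: (typeof process !== "undefined" && process.env.UPSTREAM_TOKEN) || "PLACEHOLDER",
  allowedFields: ["name", "email", "message"],      // assumed form fields
};

// Decide whether a submission may be relayed. Returns { ok, status }.
function checkRequest(req, cfg = CONFIG) {
  if (req.method !== "POST") return { ok: false, status: 405 };
  // Prefer the Origin header; fall back to the origin parsed from Referer.
  let origin = req.origin || null;
  if (!origin && req.referer) {
    try { origin = new URL(req.referer).origin; } catch { origin = null; }
  }
  // Exact origin match, so a look-alike host prefix does not pass.
  if (origin !== cfg.allowedOrigin) return { ok: false, status: 403 };
  if (!req.fields || req.fields.form_id !== cfg.expectedFormId) return { ok: false, status: 400 };
  return { ok: true, status: 200 };
}

// Build the upstream call; only allow-listed string fields are forwarded.
function buildUpstreamRequest(fields, cfg = CONFIG) {
  const body = {};
  for (const k of cfg.allowedFields) {
    if (typeof fields[k] === "string") body[k] = fields[k].slice(0, 2000);
  }
  return {
    url: cfg.upstreamUrl,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json", Authorization: `Bearer ${cfg.bearerToken}` },
      body: JSON.stringify(body),
    },
  };
}

// Fetch-style handler (Request in, Response out) for runtimes with that interface.
async function handle(request, cfg = CONFIG) {
  const form = request.method === "POST" ? await request.formData().catch(() => null) : null;
  const fields = form ? Object.fromEntries(form) : null;
  const verdict = checkRequest({ method: request.method, origin: request.headers.get("origin"),
    referer: request.headers.get("referer"), fields }, cfg);
  if (!verdict.ok) return new Response(null, { status: verdict.status });
  const { url, init } = buildUpstreamRequest(fields, cfg);
  const upstream = await fetch(url, init);
  return new Response(null, { status: upstream.ok ? 204 : 502 }); // never echo upstream details
}
```

The Origin and Referer headers are set by browsers, but a non-browser client can send any value, so this check is a filter on top of keeping the token server-side, not authentication.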