How do you store/use secret API key data?

Hello everyone,

When you are interacting with 3rd party services and making API calls that use both the public AND private API keys, how do you handle the storage/obfuscation of these variables away from the client-accessible javascript files?

By not using Webflow to access them without a middleware tier.

1 Like

@trynix - to elaborate on what @webdev said, generally you’ll have a third party backend hosted on something like AWS that will act as the middleman between two services and typically stores api keys and other sensitive data in environment variables.

2 Likes

@sam-g looking at doing something like this. Any recommendations on where to get started? Tutorial maybe?

1 Like

The way I handle this is with using a Glue Service like Make (Integromat) or Zapier. It’s really easy to setup and use.

I looks like this:

Webflow --> Make / Integromat --> API
            (Secret API Key)

Make is designed to store your secret keys for you (or they just connect to a service via oAuth).

Most of my screencasts and tutorials will show you how to do this, here are some examples:

Make stores all that info for you securely.

Loads more examples if you dig around the blog.

@learyjk - what are you trying to do specifically? I might be able to point you in the way of tutorial if I knew what you were after.

@sam-g just exploring how to pull data from external APIs (vice Webflow CMS). I’d prefer to be able to use the native JS fetch API but not sure how to do it without a 3rd party solution like Make. Wondering if I can host something on an AWS EC2 instance that I could send requests to from Webflow and then have that use the key.

Maybe I set up my own API using Express on an AWS EC2 and then forward those requests but now with an API key that is stored in the EC2 env vice somewhere on Webflow where the key would be public.

Another, very recent option is to use Webflow’s own native Logic: Automate and connect your website | Webflow Logic

It has an HTTP request action that allows you to store credentials in. But others may have better guidance for you.

2 Likes

@learyjk - you can use webhooks to send requests to an endpoint that you choose from Webflow without credentials. If you are trying to pass CMS data from Webflow to another service you can do so that way. If you are trying to pass data into Webflow or go both directions you’ll need to use something like Zapier or set up your own server to authenticate and make requests.

1 Like