0

access a specific user inside a ninox function that's called through the api

Hi everyone,

so I'm accessing some table in ninox through the ninox api with an api key. For security reasons, the api call is done through an external script, so as not to expose the api key to avid technical users (aka hackers).

Of course, inside the ninox function that is called, it doesn't have any user info, since the api key is not tied to any specific user. However, I need to do some filtering of the returned data based on user attributes.

Is there some way, to pass the user's token to the external script and feed it to the api call, and then lookup the user on the ninox server side or lookup the user's roles with that token from the external script?

I'm aware the ninox user cookie is set as httponly=true so it can't be accessed from javascript. but maybe there is some hacky way involving external system to get ahold of it despite of that?

3 replies

null
    • szormpas
    • 7 days ago
    • Reported - view

    Hi,

    I've recently started looking into the Fetch API to make calls to the Ninox server from inside Ninox. I'm a bit worried about exposing the Ninox API Key this way.

    Could you tell us a bit more about this external script? Could you tell us how you put this script into practice?

      • mengelhardt
      • 6 days ago
      • Reported - view

      please feel free to post a separate thread for this question.

      • szormpas
      • 6 days ago
      • Reported - view

       thank you, I will start a new thread.

Login to reply

Content aside

  • 6 days agoLast active
  • 3Replies
  • 33Views
  • 2 Following