The next generation of the Quickbase API

Question

The next generation of the Quickbase APIWhen we first released our library of Quickbase APIs, it was a historic moment. We were far in front of the rest of the market in making it easy for people to get software to talk to other systems. However, a lot has changed since then in terms of customer expectations and common API patterns. That’s why we’re hard at work building a new set of APIs from the ground up.
You’ll soon be able to try out these new APIs for yourselves, so we wanted to give you a sneak preview of what to expect.
&nbsp;
APIs, what are they good for?
At the highest level, APIs (short for Application Programming Interfaces) allow people to integrate software systems to get them to work together. Since your business has many different needs, you have a technology stack which includes many different systems. If you’re not careful, this can lead to isolated silos of data that make it hard to see the big picture of what’s going on with your business. Using APIs is an extremely powerful and versatile way to integrate your various systems, since APIs can be used to connect virtually any piece of software on the web.
In Quickbase, APIs are so popular that we get more traffic from our API than we do from users logging into the product on the web.
&nbsp;
Benefits of the new Quickbase API

Simple and modern formatting: Developers can look forward to having a modern, RESTful, JSON-based library of APIs for Quickbase. These APIs will more closely resemble common API patterns and best practices you see with other platforms, helping you to more quickly and intuitively build.
Easily test your API calls: Our new API Portal not only documents each API call you can use and how to format them, but it also allows you to quickly test your calls. We’ll also offer more consolidated, intuitive guidance around the terminology you need to build those API calls as well as Javascript and Python code samples.
New functionality: We’ve added new functions with our new set of APIs, such as pulling summary reports, getting field usage details, and returning more detail when retrieving an app’s schema.
Consolidated set of APIs: We’ve streamlined the collection of about 60 API calls we have today into around 10 calls, focused on the fundamental building blocks of Quickbase: apps, tables, and records. Rather than remember when you need to use API_AddRecord, API_EditRecord, or API_ImportFromCSV, with our new APIs, adding a record is as simple as making a POST request to our records endpoint.

&nbsp;
We know how crucial integrations are for your business, which is why we’re completely re-imagining the API experience. We want to be bold in defining what the next decade or more of extensibility will look like, and we can’t wait for you to try it out. We’ll be opening an early access in March 2020. If you’re interested in participating, please fill out our registration form and check the “Extending Quickbase” box.
&nbsp;
Additional resources

The Empower 2019 product keynote address (start at the 55-minute mark for the API section)
Harrison’s Empower 2019 breakout session: The Next Evolution of Quickbase APIs

nickwade · Answer

Will it be possible to create client-side apps that utilize the QuickBase API?ie: will the CORS restriction be lifted from this new API?

hhersch · Answer

Hi @Nick Wade can you add some clarity to your question? CORS is a very critical web safety restriction we won't be downgrading. That being said, much of our API traffic comes from client-side/JavaScript pages in the existing API, and our new APIs support that as well. If you can add some information around the patterns you are trying to solve for, we can help better.

nickwade · Answer

@Harrison Hersch​ Are those client side apps hosted externally, or pages that are hosted as "QuickBase Pages"?Myself and colleagues at my organization have not been able to leverage the QuickBase API directly from a client-side application.Are there any examples that you could provide?&nbsp;&nbsp;Below is a sample of what I would expect to work from a client-side app, but the result is this:&nbsp;"Access to fetch at 'https://MY_QB_DOMAIN.quickbase.com/db/MY_APP_DB_ID' from origin 'chrome-search://local-ntp' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/xml");
myHeaders.append("QUICKBASE-ACTION", "API_AddRecord");

var raw = "&lt;qdbapi&gt;
    &lt;udata&gt;MY_APPLICATION&lt;/udata&gt;
    &lt;apptoken&gt;MY_APP_TOKEN_GOES_HERE&lt;/apptoken&gt;
    &lt;field fid=\"6\"&gt;nick&lt;/field&gt;
    &lt;field fid=\"7\"&gt;1234 MARKET ST&lt;/field&gt;
&lt;/qdbapi&gt;";

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: raw,
  redirect: 'follow'
};

fetch("https://MY_QB_DOMAIN.quickbase.com/db/MY_APP_DB_ID", requestOptions)
  .then(response =&gt; response.text())
  .then(result =&gt; console.log(result))
  .catch(error =&gt; console.log('error', error));​

hhersch · Answer

@Nick Wade They are Quick Base pages or hosted in a CDN for example and pulled into a browser.​ I'll add some color. When we talk about CORS, there are two categories:

A JavaScript page in realm1.quickbase.com calling realm2.quickbase.com. We don't allow this today and won't in the future.
A page "served" completely outside of Quick Base (like www.mydomain.com) into someone's browser.

For #2, we will allow CORS from that other domain to the new api endpoint. However,&nbsp;it is important to note that the new API will not allow you to piggyback on the user's current QB session. Since you also should never hardcode a usertoken in JavaScript, the data would either need to be available EOTI or using an intermediary solution hosted on a server.​

nickwade · Answer

@Harrison Hersch&nbsp;this would be for an EOTI permissioned app. What I am trying to accomplish is category #2 above. Not cross-domain communication ​​​​within QuickBase.That's what prompted my question in the first place because in my experience I would expect an API to be "open" (not restricted by CORS) but require token based authentication for private resources. If a QuickBase app has an EOTI user with permission to access a table, then that table isn't considered a "private resource" and the user token is not required. It is up to the dev to permission the EOTI user with the appropriate access. The source of the request (client-side or server side) shouldn't matter.If a web app is hosted, for example, on AWS S3 should this theoretically work with the new API? But not currently with the existing API?

Forum Discussion

The next generation of the Quickbase API

8 Replies

Related Content

Introducing New Quickbase Navigation (beta)

Auto-generate Name of User

Random String Generation in Quickbase

Salesforce Generic SOQL query

Generate Random #

Recent Discussions

Pipeline to remove file attachments

Pie Chart Help

Choosing Approvers from Related Table

email notification error

Anyone heard updates on Webhooks End of Service?