GaryBoyd
Qrew Assistant Captain
7 years ago

App token as a variable

Need to use an app token for several buttons that edit records.
I was thinking of saving the app token as a variable, or as a formula text field. Then I can insert the same code into each formula rich text button I have, e.g. &apptoken=[MyAppToken]

Then if I change the token etc, all buttons will work on changing a single token variable. Does that lead to any security risks?
  • I am not 100% sure it will work.

    BUT, go to the main settings of your APP, click on variables. Name it whatever you want, and post the token there. These are global variables usable throughout the entire APP. 

    I have never implemented this myself, so good luck.

    Edit: I do believe the variable is called just like a normal field.

    So if you name it globalToken

    you do something like:

     IF ( [globalToken] )
  • GaryBoyd
    Qrew Assistant Captain
    Thanks.
    I can't see any security issues compared to placing the token in the buttons directly.
    But others may know better...
  • My only comment is that it's unlikely that you will change the app token in the future. But sure, it will work fine.

    Application Variables are not well known so another comment is if someone else takes over support for the app they may be confused about that "field" in your formula.
  • SuryaExpert
    Qrew Assistant Captain
    From a security risks standpoint, I would make sure the formula field on each table that is derived from the app global variable cannot be used on any reports, nor be searchable.
  • >Does that lead to any security risks?

    Application tokens are "bearer tokens", meaning that anyone who knows the token can use it to access resources without further security permissions. Generally bearer tokens are not used client side as they can be read by anyone without further permissions.
  • SuryaExpert
    Qrew Assistant Captain
    Dan is right. To add to his comment, because apptokens and usertokens are used with API calls, which can be extremely powerful, exposing tokens has to be dealt with cautiously. Normally, you would need the app token AND a ticket or usertoken to make these API calls. However, if the application is open to everyone on the internet and that role has read permissions or add permissions on a given table, just the app token is enough to be able to read and add to that table.
  • GaryBoyd
    Qrew Assistant Captain
    Using the app token as a variable works fine. 
    Thanks for the replies. App is not open to anyone on the internet. 
    My understanding is that from a security perspective, if you use a variable, it still seems the same, as if the actual app token was entered directly into each button formula, and the app tokens themselves cannot be hidden ( https://community.quickbase.com/quickbase/topics/hide-apptoken-on-formula-rich-text-button-using-a-a... ).

    I was thinking this could be an easy way for an admin user, to change the app token, on all buttons if required, rather than having to go through each button.
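
An added example, not part of the thread and not Quickbase code: a Python check an admin could run over button formula text copied out of the app, to see which buttons hard-code the app token and which reference a variable such as [MyAppToken], and how many places would need editing on a token change. The sample formulas, the placeholder token and the function names are constructed for illustration.

```python
import re

# Matches `apptoken=` inside a formula string literal, then either a token
# typed directly into the literal or a closing quote followed by `& [Name]`.
APPTOKEN = re.compile(
    r'apptoken=(?:(?P<literal>[A-Za-z0-9_]+)|"\s*&\s*\[(?P<ref>[^\]]+)\])'
)

def redact(token):
    """Keep only the last 4 characters so the report itself leaks nothing."""
    return "*" * max(len(token) - 4, 0) + token[-4:]

def audit_formulas(formulas):
    """Classify each apptoken use as hard-coded or taken from a variable/field.

    `formulas` maps a button name to its formula text (assumed to have been
    copied out of the app by an admin; this does not call any Quickbase API).
    """
    findings = []
    for name, text in formulas.items():
        for m in APPTOKEN.finditer(text):
            if m.group("literal"):
                findings.append((name, "hard-coded", redact(m.group("literal"))))
            else:
                findings.append((name, "reference", m.group("ref")))
    return findings

def rotation_edit_count(findings):
    """Number of places an admin must edit when the token changes."""
    hard_coded = sum(1 for _, kind, _ in findings if kind == "hard-coded")
    references = {ref for _, kind, ref in findings if kind == "reference"}
    return hard_coded + len(references)

# Constructed sample formulas; the token value is a placeholder, not a real one.
SAMPLE = {
    "Approve": 'URLRoot() & "db/" & Dbid() & "?a=API_EditRecord&rid=" & [Record ID#]'
               ' & "&apptoken=PLACEHOLDERTOKEN0001&_fid_8=Approved"',
    "Reject": 'URLRoot() & "db/" & Dbid() & "?a=API_EditRecord&rid=" & [Record ID#]'
              ' & "&apptoken=" & [MyAppToken] & "&_fid_8=Rejected"',
    "Close": 'URLRoot() & "db/" & Dbid() & "?a=API_EditRecord&rid=" & [Record ID#]'
             ' & "&apptoken=" & [MyAppToken] & "&_fid_8=Closed"',
}

if __name__ == "__main__":
    results = audit_formulas(SAMPLE)
    for row in results:
        print(row)
    print("edits needed on rotation:", rotation_edit_count(results))
```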