Hide apptoken on formula rich text button using ?a=API_EditRecord

Question

Hi,When using an app token and a button (e.g. ?a=API_EditRecord), how do you stop the app token displaying when someone views the source code on chrome?Thanks

joshuatate · Answer

Theres no reason to worry about anyone seeing it, the app token only allows a user to view/edit what they have permission too :)
But if you truely worry avoid an API call for no reason, take Dan Diebolt's example linked belo for using FormData

https://haversineconsulting.quickbase.com/db/bgcwm2m4g?a=dr&rid=594&_ga=2.46583205.30083185.1535698739-556233741.1535475745

_anomdiebolt_ · Answer

I might add that you can't hide anything from a user who examines the source code. All HTML, CSS and JavaScript is visible. You can make it more difficult for a casual user to see portions of the source code but the best you can do is obfuscate things.

joshuatate · Answer

My advice in what Dans just pointed out is the only way to avoid a user seeing what you dont want them to see is to use a proxy. below is a link to a simple Node.js server you can setup to route/proxy the api calls. You can put your apptoken on the proxy server and whitelist only your realm on quickbase. you can also stop the webfacing site so when someone goes to the url they see nothing. :D

https://github.com/Rob--W/cors-anywhere

garyboyd · Answer

Thanks for the advice.

Forum Discussion

Hide apptoken on formula rich text button using ?a=API_EditRecord

Related Content

Delete Formula Button Error

Formula Assistance

Formula Url Buttons

Formula Query with custom key

URL formula -API_RunImport