Use API without exposing secret key

donkikong · September 14, 2018, 9:31am

I would like to use the Squidex API in a JavaScript powered web app (e.g. with a framework like Vue or React or similar).

Is it possible to call the API without revealing the secret? Or do I need to use some tunnel in that case?
Is it possible to restrict API access (e.g. from a specific domain only)?

Thx!

pushrbx · September 14, 2018, 10:02am

I’ve written my own gateway app which provides tokens for the javascript, but these tokens only provide read-only access. Afaik there is no built-in functionality in squidex atm which wouldn’t require you to expose the secret. Regarding question 2.: What you are asking for sounds like an API gateway, so I would recommend looking at these:

Kong
Apiman (im curently using squdex with this, because it allows me to have custom permissions/authorization)

donkikong · September 14, 2018, 10:05am

Thx for the lightning quick reply! Awesome, that helps me.

Sebastian · September 14, 2018, 1:32pm

@pushrbx Do you want to write an article / page for the documentation about apiman?

pushrbx · September 15, 2018, 10:39pm

Sure. Just drop me a PM with your expectations.