I added a JSON data model in Builder, to explore whether I can use that as a data source on other pages I build in the Pages feature of Builder.
Is there an easy way to link that model as a data source? In the data source feature, I know I can fetch any URL, but I wonder if there’s a more direct way to bring in Builder data sources. Plus, I’m unsure of whether I should just write out the URL including the API key in it - I want this to both the page and the JSON data model to be private. I’m not sure if it’s secure to just put a private API key in the URL for a data source.
At this time there isn’t an easy way to link the model as a data source but this is a great feature request and I’ll pass it onto our team! For now we would recommend using a URL.
Can you clarify what you mean by you want both the page and the JSON data model to be private? If you generated a private API key, you shouldn’t include this but public APIs are safe to do so.
Our use case is that some of the content for a site we’re working on is in a members-only section - for that part of the site, we would create some content where both pages and data we would enter in the JSON content model would all be private-only.
Does the API key used in a Data Source ever get exposed to the front end? For now, we would serve this page from a server-side render, so the use of a private API key to fetch the initial page would be fine.
For the data sources that a page uses, I’m not clear on whether these are exposed. I’m guessing that it’s possible that Builder only returns rendered HTML, so there isn’t a risk of exposure, or perhaps it can come through somehow?
Hi @jballo, when you add something as a data source or in the custom JS section of a content entry it becomes part of the data object for that content. Depending on how you’ve integrated Builder, you’re either loading that data object via our APIs or via one of our SDKs.
If you want to make sure this content isn’t public, then you need to ensure that you’re not making the API request or loading content via the SDKs unless the user has permission to see it.
Also if you are rendering content server-side and not making any additional Builder API requests or loading the SDK, then we’re not doing anything that would load the full data object. The end user would just see the rendered HTML. Does that make sense?
Thanks for reaching out!