I have a special case where I have CMS data models that have a preview URL.
I want to be able to display data from references to other private models on the preview URL. For public references, I would just resolve the reference client-side (e.g., with
useEffect in React) and feed the data to my preview. But private references need a private API key to resolve, and I don’t want to include the private key in my JS bundle.
Also worth noting, the preview URL is only ever used within the Visual Editor for previewing/editing purposes, never for public consumption.
Is there some way to feed data into that preview URL from private models using Builder.io’s own webauth state? As in, is there a way to use your logged-in status within the Visual Editor to bypass the need for a private API key? If possible, it would be a major boon, because otherwise I need to either expose the private API key in my JS bundle or proxy the content API w/ the private key stored on the server, then create an authentication scheme to restrict access to either. But if I can just piggyback on top of Builder.io’s own auth just for accessing private content while within Visual Editor, that would save me a huge hassle.
@steve seemed to indicate that this was possible in a convo I had with him, but he didn’t elaborate and I may have misunderstood him. He’s busy, so at his suggestion, I’m opening up the convo to the forum. @TimG, any ideas?
This is a pretty advanced use case, I’m not sure it’s even technically possible.
I notice that the Firebase auth token gets stored in the browser using IndexedDB, and I’m assuming there’s some way to access private content with this. I don’t see how I can access that token from within the Visual Editor’s iframe, however. The browser considers the token and my JS running inside of the iframe as being on different domains, blocking access between the two. I don’t see anything inside of local storage or session storage that could be accessed cross-domain that would help.