Private API / Authentication for Data Sources

I was wondering if the Data Sources feature of Builder can be used with private APIs that require authentication headers, for example? If so, how would this work?

I’m wondering for a couple APIs that use an Authorization header with a Bearer <token>, and for another that uses a custom header. I’m also curious if it would be able to do anything dynamic to fetch a token to be used?

Hi @jballo, thanks for reaching out! You can achieve this using advanced data fetching + a bit of custom JavaScript. This guide should help point you in the right direction. Let me know if you have any additional questions!

Hi Kara, thanks for that link. I think the info in that post gets me most of the way there. However, I’m unsure about what parts of a request I can get access to. I’m unsure about putting sensitive data into the URL / path, like a token. Is it possible to access a request header on the builder side? Or are there any best practices to recommend for this case?

Hi @jballo,

This is possible by using fetch. The guide Kara mentioned above should help point you in the right direction.

We wouldn’t recommend putting any sensitive token/bearer token inside of that code since that might be sent to the user’s browser and evaluated there. One option you could try is to ensure that you use only server-side rendering or the HTML API (this will evaluate that code only on our servers).
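
One general way to keep the token out of browser-evaluated code, as an added example that is not part of the original thread and not Builder's own code: a small function meant to run on a server you control, which attaches the `Authorization: Bearer <token>` header or a custom header from server-side configuration and returns only the response data. The names `proxyToPrivateApi`, `authHeaders`, `PRIVATE_API_TOKEN`, `PRIVATE_API_KEY`, `X-Api-Key`, the paths and the `api.example.invalid` origin are all assumptions made for illustration.

```javascript
// Added example: hypothetical server-side proxy; every name and URL is an assumption.
const UPSTREAM = "https://api.example.invalid"; // placeholder private API origin
const ALLOWED_PATHS = new Set(["/v1/products", "/v1/articles"]); // constructed allowlist

// Build the auth header on the server. `env` holds the secrets (e.g. process.env).
function authHeaders(env, scheme) {
  if (scheme === "bearer") return { Authorization: `Bearer ${env.PRIVATE_API_TOKEN}` };
  if (scheme === "custom") return { "X-Api-Key": env.PRIVATE_API_KEY };
  throw new Error(`unknown auth scheme: ${scheme}`);
}

// Handle a request for `path`; returns { status, body } that is safe to send to a browser.
async function proxyToPrivateApi(path, env, scheme = "bearer", fetchImpl = fetch) {
  // Refuse to run in a browser context, where the secret would be exposed to the page.
  if (typeof window !== "undefined") throw new Error("server-side only");

  // Only fixed, known paths: the caller cannot steer the token to another URL,
  // and nothing sensitive is ever placed in the URL or path.
  if (!ALLOWED_PATHS.has(path)) return { status: 404, body: { error: "not found" } };

  const res = await fetchImpl(UPSTREAM + path, {
    headers: { Accept: "application/json", ...authHeaders(env, scheme) },
  });

  if (!res.ok) {
    // Do not echo upstream error bodies; they can contain request details.
    return { status: 502, body: { error: "upstream error" } };
  }
  // Only the parsed data goes back to the caller, never the request headers.
  return { status: 200, body: await res.json() };
}
```

The data source URL then points at the endpoint that wraps this function rather than at the private API, so the token stays in server configuration.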