Implementing Bearer Token Security in Wappler APIs for Integration with Third-Party Applications

Hello Community,

I’ve been developing a set of private APIs using Wappler for my project, which will be integrated with third-party applications. These APIs interact with CouchDB and handle tasks like posting data. While they’re currently functioning well, I’m now looking to bolster their security by implementing Bearer Token authentication.

However, I don’t have user and roles tables in my database, as these APIs are designed to be simple and don’t require user authentication. I’m unsure about the best approach to implement Bearer Token security in this scenario within Wappler.

Could someone provide guidance on how to implement Bearer Token security in Wappler APIs without relying on user and roles tables? Any insights, tips, or recommended resources would be greatly appreciated.

Thank you in advance for your help!

Best regards,
Pratik

2 Likes

Hi Pratik,

You can create an api_keys table with a token column inside. When creating keys, you generate a random string with X amount of characters.

I wouldn’t use the standard Wappler security steps (such as Security Restrict), but instead create my own Library action that would perform a Database Query and see if the token exists. If it doesn’t, use a Response step to answer “Invalid token”, which should also stop the rest of the execution.

Slightly more advanced, the token column should be an index to allow fast database lookups. I’m not sure if Wappler has an option to mark a column as an index, but in time you’ll reach there.

3 Likes

Thanks @Apple for the response,

I am creating an API key collection like:
image

How can I validate that API key in the Wappler API so it will restrict API calls without a key or with a wrong key?

On top put a Database Query step to query the table api_keys WHERE token = $_GET.key
And then you put a Condition if the count of query (Database Query) is 0, then it’s an invalid key

Sorry, I lack the time to put screenshots :slightly_frowning_face: But feel free to ask if you need further help, someone will help you

3 Likes
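The check described in the replies above, written out in Node.js as an added example (not code from the thread or from Wappler). It assumes the key arrives in an `Authorization: Bearer` header instead of a `key` query parameter, and that the table stores a SHA-256 hash of each key, not the key itself; the `Map` stands in for the `api_keys` table and all function names are hypothetical.

```javascript
// Added example; apiKeys, issueKey and checkBearer are hypothetical names.
const crypto = require('crypto');

// Stand-in for the api_keys table. Keyed by token hash, so the lookup
// behaves like the indexed token column suggested in the thread.
const apiKeys = new Map();

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Create a key: random token from a CSPRNG, only its hash is stored.
// The plain token is returned once, to hand to the third party.
function issueKey(label) {
  const token = crypto.randomBytes(32).toString('hex'); // 64 hex characters
  apiKeys.set(sha256(token), { label });
  return token;
}

// Validate an Authorization header value. The returned object is what the
// Response step would send; a non-200 status means stop the rest of the action.
function checkBearer(authorizationHeader) {
  // Scheme name is case-insensitive; the token must use the token68 alphabet.
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/i.exec(authorizationHeader || '');
  if (!m) return { status: 401, body: 'Missing bearer token' };

  const row = apiKeys.get(sha256(m[1])); // "query count is 0" means no row
  if (!row) return { status: 401, body: 'Invalid token' };

  return { status: 200, client: row.label };
}

// Constructed sample calls.
const demoToken = issueKey('demo-client');
console.log(checkBearer('Bearer ' + demoToken)); // accepted
console.log(checkBearer('Bearer not-a-real-key')); // Invalid token
console.log(checkBearer(undefined)); // Missing bearer token
```

Keeping the key out of the URL keeps it out of access logs and browser history, and hashing it means a leaked copy of the table does not hand out working keys.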

No Problem @Apple, I’ll try this.

Thanks :slightly_smiling_face:

I noticed these format mismatches in your screenshot…

I don’t know if it is a draft hand-coded just for showing here, or if you have to check whether those timestamps are OK.
Just saying…

Dear @famousmag,

That was just a trial I was doing for removing the space from the date and time. I’ll take care of that.

Thanks for the response. :handshake:

1 Like