I’ve been developing a set of private APIs using Wappler for my project, which will be integrated with third-party applications. These APIs interact with CouchDB and handle tasks like posting data. While they’re currently functioning well, I’m now looking to bolster their security by implementing Bearer Token authentication.
However, I don’t have user and roles tables in my database, as these APIs are designed to be simple and don’t require user authentication. I’m unsure about the best approach to implement Bearer Token security in this scenario within Wappler.
Could someone provide guidance on how to implement Bearer Token security in Wappler APIs without relying on user and roles tables? Any insights, tips, or recommended resources would be greatly appreciated.
You can create an api_keys table with a token column inside. When creating keys, you generate a random string with X amount of characters.
I wouldn’t use the standard Wappler security steps (such as Security Restrict), but instead create my own Library action that would perform a Database Query and see if the token exists. If it doesn’t, use a Response step to answer “Invalid token”, which should also stop the rest of the execution.
Slightly more advanced, the token column should be an index to allow fast database lookups. I’m not sure if Wappler has an option to mark a column as an index, but in time you’ll reach there.
On top, put a Database Query step to query the table api_keys WHERE token = $_GET.key.
And then you put a Condition: if the count of the query (Database Query) is 0, then it's an invalid key.
Sorry, I lack the time to put screenshots. But feel free to ask if you need further help; someone will help you.