Session variables to store API login key

Good afternoon all,

@Teodor

I have been trying for a few days now to see if I am on the right path. I have read many community posts on sessions, session variables, how to pass variables between pages… etc.

I am new to the backend side of developing so I am a little lost. I have an idea as to what is needed but I really need someone to help with the process.

What I am trying to do is use an API form to connect to our internal company backend for both creating a user and verifying a user. When the call happens a unique ID key is sent back. I am assuming I will need to store this in a session variable and create a global variable that allows for page access and population of that user's specific data pulled from our server.

The issue is I am not sure where I start to create this. Do I need to create a database to store the session variable? Is the security provider still needed? If so I would assume it would need to be associated to the database set to store the unique key. Can I get away with not using a database since we have this on our company server side?

If I can just get a starting point with a few guides I can get this moving forward and start the trial and error process.

Thanks for any help that can be given.

Any help would be appreciated! Anyone online that has experience with API session variables?

It seems you have 3 topics for the same issue :slight_smile:

How to store a string (like the unique ID you get back from login):

You need to put the Session Storage Manager element on your main template, and then your API Actions can get the string from such element

If you’re struggling with something specific, please let us know

Yeah, I know, I am still not getting the answer I need. Thanks for your help!

The question I have is do I need to set up a database? I am thinking no but I just need to understand the process.

Wish I could help you more, but I haven’t really explored this part of the front-end :frowning:

No, you just need to use the Session Manager so you can store the “API login key” you get back into a cookie or (HTML5) local storage, so you can re-use it for further API Forms/Requests

Thanks for this. I'll dive in and post my findings. Mind if I hit you up if I run into trouble?

I am sure the solution will be simple enough but there are some questions which need clarifying before a solution can be formulated.

  1. You are using an API call to get data from your internal company backend. Is that a server connect or app connect API call?
  2. Will the user be authenticated via Wappler’s security provider at the time?
  3. Not sure what you mean by having to create a global variable? SESSION variables are by default global and also limited in scope to the current server session user so are secure. I would be careful about how you manage the ID key so as not to reveal it to the front end.

Unless you tell me more, all that should be needed is the definition of the session variable in each API action needing access to it.

A simple “Set Session” step to define the content as that returned from the API call

Then this value could be accessed in any other API call via the picker

Obviously, as in all session variables, they are destroyed at end of session life

@Hyperbytes Thank you Brian for the help. This is an API call that my backend team set up. /createuser and /userlogin; there are also a few other calls. With regards to your question around Wappler Security, I am not sure. That is where the confusion comes in. I have successfully through the API form logged in and created a user. Our server has verified that. Once a user has been created or verified our server sends back a unique session key. This key will allow for the correct information to populate the user's dashboard. Our server controls this information access. However, there are different levels of access users:

Level one - access to the website and a more detailed tool set along with a simple dashboard
Level two - access to all toolsets and the pro dashboard
Level three - accredited investor portal

Now the unique session key allows for investor or purchaser information to pass but I assume I would need this same key to give access to different pages that each user is allowed to view. Does that mean I need to utilize the Wappler security provider?

Hope this clarifies a few things.

I think your conceptualisation of how it should work is part of your problem.
You won't need the security provider in relation to the API access.
You should be passing the requests from the calling page, firstly checking the current session user has a security key stored (if not, divert to authorisation page).
Then the API call should be made with the ID stored in the session variable.
If call is declined then again back to authorisation, otherwise the data returned can be passed to the image for display.
I suspect you have overcomplicated this in your head.
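The flow described in the post above, written out as an added example (not part of the original thread and not Wappler's own code). The login page path, header name, `apiKey` session field, `/dashboard-data` path and the treatment of 401/403 as "declined" are all assumptions.

```javascript
// Added illustration; every name here is hypothetical.
const LOGIN_PAGE = '/login';          // assumed authorisation page
const KEY_HEADER = 'X-Session-Key';   // assumed header the backend expects

// Step 1: check the server-side session before any backend call is made.
function prepareBackendCall(session, path) {
  const key = session && session.apiKey;
  if (typeof key !== 'string' || key.length === 0) {
    return { action: 'redirect', to: LOGIN_PAGE };
  }
  // The key is attached on the server; it is never sent to the browser.
  return { action: 'call', path, headers: { [KEY_HEADER]: key } };
}

// Step 2: decide what the browser receives from the backend's answer.
function handleBackendReply(session, status, body) {
  if (status === 401 || status === 403) {
    delete session.apiKey;            // rejected key: drop it, force re-login
    return { action: 'redirect', to: LOGIN_PAGE };
  }
  if (status < 200 || status >= 300) {
    return { action: 'error', status };
  }
  // Strip any key the backend echoed back so it cannot reach the front end.
  const { key, token, ...data } = body || {};
  return { action: 'render', data };
}

// Constructed sessions and replies, evaluated in order.
function demo() {
  const anon = {};
  const user = { apiKey: 'constructed-key-123' };
  return {
    anon: prepareBackendCall(anon, '/dashboard-data'),
    call: prepareBackendCall(user, '/dashboard-data'),
    ok: handleBackendReply(user, 200,
      { name: 'Sample User', level: 2, token: 'constructed-key-123' }),
    declined: handleBackendReply(user, 401, null),
    afterDecline: prepareBackendCall(user, '/dashboard-data'),
  };
}

console.log(JSON.stringify(demo().ok));
```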

I think you could be right. This is due to my lack of understanding of how Wappler handles these processes.

Makes sense what you are saying. So if I follow the steps you outlined above I should be good, correct?

Does the session variable sit on the main.ejs file?

A session variable is held in memory on the server and is unique to the current connected user. Once created, as I said, then it can be accessed in any server API action.
Be aware, a session in server connect is a server session, a session in a browser (app connect) is a browser session. They are NOT the same thing.

Thank you. I will attempt to create this process.

Much appreciated.

@Hyperbytes @Teodor

Brian, again thank you for your help and any future help! I took a break on the access API for the site for a bit as it was just frustrating me and I wanted to go over with you my questions as I am sure I am just missing a step or two on verification.

The main.ejs file is created with a dynamic modal. In this modal is a register user section and a login user section.

I have then created a security API userlogin.js with the following parameters;

and here is the API action properties

Finally the result of the successful ping of the server and the verified session token being sent back.

I then created a session storage manager session and named it the same as one of the fields from the session api.

I followed the tutorial on how to pass variables between pages. Here is my question… **why am I not able to select the security API that has been created?** I am getting very frustrated because when I select the form it does not show up as a way to associate the form input.

Should I not be able to pass the information such as the key header and user / pwdhash from the security API? See the image below and how it is not selectable. I am sure I am missing something very simple.

In addition, how does the session manager know where to find the token if I can't point to the security API?

Disclaimer: I didn’t read what you wrote, I just skimmed through the screenshots


You should double-check this, Wappler is not receiving the token, it’s receiving a string whose token is inside it. Notice the " in the beginning, that marks the beginning of a string (wrapped in JSON notation), instead of the expected {. You should fix that before moving to something else, as that ruins Wappler’s schema generation on other steps, so Wappler would never show you a “token” variable in the UI
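A check for the condition described in the post above, added here as an example (not part of the original thread and not Wappler code): it reports whether a login response body is a JSON object or a JSON string that itself contains JSON. The `token` field name follows the thread; the function name and sample bodies are constructed.

```javascript
// Added illustration: names are assumptions, not Wappler or backend APIs.
// Constructed sample bodies: the expected object, and the same object
// serialised a second time so the body starts with a quote character.
const GOOD_BODY = '{"token":"constructed-token-abc"}';
const BAD_BODY = JSON.stringify(GOOD_BODY);

function inspectLoginResponse(rawBody) {
  const firstChar = rawBody.trimStart()[0];
  let value;
  try {
    value = JSON.parse(rawBody);
  } catch (err) {
    return { ok: false, reason: 'not JSON', firstChar };
  }
  // Each extra JSON.parse that succeeds on a string is one extra encoding layer.
  let extraLayers = 0;
  while (typeof value === 'string' && extraLayers < 3) {
    try {
      value = JSON.parse(value);
    } catch (err) {
      break; // an ordinary string, not nested JSON
    }
    extraLayers += 1;
  }
  const isObject =
    value !== null && typeof value === 'object' && !Array.isArray(value);
  if (!isObject || typeof value.token !== 'string') {
    return { ok: false, reason: 'no token field', firstChar };
  }
  return {
    ok: extraLayers === 0,
    reason: extraLayers === 0
      ? 'object with token'
      : 'token is inside a JSON string',
    doubleEncoded: extraLayers > 0,
    firstChar,
    token: value.token,
  };
}

// Print only the diagnosis, not the token itself.
console.log(inspectLoginResponse(GOOD_BODY).reason);
console.log(inspectLoginResponse(BAD_BODY).reason);
```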

Ok understood, I'll let my team know. That should be an easy fix.

Any chance I could get you to read it over and let me know your thoughts on how I can move this forward and connect it?

Thanks @Apple

Just as an update, this is how it is returned now

That looks good. Now, have you tried on form success (1) to set the session token in your session manager (2) to whatever you got in fmLogin.data.token?

I have not gotten that far but I was planning on that. My real question is this, what is the need for the API security under workflow if I need to add the same info directly in the API form? I was under the impression that the form would reference the API workflow?

Does this mean I just need to set the information in each form? Do I not need the workflow API section? I am just a little confused as to how they work together if I cannot access the workflow.

@Apple

Hi,

In your specific use-case, you don’t really need to use the Workflow stuff at all, so you can delete your “security” in Workflow. The Workflow is if you were building your own back-end in Wappler, which you’re not.

Let me know if this clears your doubts :slight_smile:

It does, one more question if I may.

Storing the API access key. I would assume I would want to store this in a global variable and then have the API forms or any API pings access this key so it keeps it private. I have been trying to understand how and where I can apply this.

Placing a variable on the main.ejs file and assigning it as key with the value of the key, does that accomplish the same thing?

@Apple

Supposedly, this is what the Session Manager is for, so you can store such variable (token) in the current browser session.

It would accomplish the same thing if your website is SPA (Single Page Application, i.e. you use the Internal option on every link of your website), although if you refreshed the page most likely you’d lose the variable’s content and require a login again. Ideally, you’d use the Session Manager to persist data across page refreshes