Pass a user token into Pack via settings?

I’m working with an API that handles auth by including a token in the actual URL as part of the path. Is there an Auth option that’ll allow me to have the user supply their own token, and then e.g. give me access to that token via context?

I’d love to be able to pull context.variables.api_key into my pack code and have that be populated by the pack subscriber. This would actually be generally useful beyond just auth, right? Do packs support this in any way?

Right now the only way I can see to do it is to have the user pass in the token into all pack formulae, but that automatically ruins ColumnFormats which require a single argument.

Hey, I was asking the same question to the dev team at alpha and got this answer:

„For tokens, you will never be able to see an actual token, by design, for security reasons. (…) One simple way to do it might be to add requiresEndpointUrl: true to your authentication definition, which will prompt users to provide their endpoint (i.e. url with subdomain) at the same time they provide their token.“

I did it that way for now which works great - but is not very user friendly.

Does your api gives an error back with the right path?

You’re in luck! We just finished work on a new Custom authentication type that allows you to inject a user’s keys or token anywhere in the request. We just merged the code in yesterday, so it’s not available in production yet, but should be within a few days. You can read more about it here:

https://coda.github.io/packs-sdk/reference/sdk/interfaces/CustomAuthentication/

5 Likes

If what you’re saying is that in order to access the API, you need to hit an endpoing that looks like

https://theapiurl.com/api/v1/commonEndpoint?api_key=[userAPIkey]&search="asearchterm"

…then that’s doable yep. Here’s how I’ve been doing it:

pack.addNetworkDomain('theapiurl.com');
pack.setUserAuthentication({
  type: coda.AuthenticationType.QueryParamToken,
  paramName: "apikey",   // or whatever the variable after the '?' is
  instructionsUrl: "...",   // instructions on how to get an API key
});
const baseUrl = "https://theapiurl.com/api/v1/";

//... later on inside the formula definition ...

execute: async function getLatestRate([myParameter], context){
  const url = coda.withQueryParams(
    baseUrl + "commonEndpoint",   // the url to hit
    { search: myParameter },  // add query parameters if desired, but note API key is automatically added, so you don't have to specify it here
  );
  const response = await context.fetcher.fetch({
    method: "GET",
    url: url
  });
  return response.body // or whatever you want to pull out of the API response
}

Also I haven’t tested but if you don’t have anything else to add to the querystring beyond the API key, you can probably skip the coda.withQueryParams() and I expect the API key just gets auto-added to whatever fetch call you make, because you configured it in setUserAuthentication.

Edit: ah, I see you may mean https://theapi.com/api/v1/[userApikey]/endpoint

Nah, the URLs look more like: https://whatever.com/api/foo/MY_TOKEN/bar which is weird, and requires me to have access to the token at the time that I construct the URL.

Nice, this is EXACTLY what I was looking for!