Redacting email of account holder (related to custom auth?)

Getting a weird thing with my Copper CRM pack. I can hit the API to return an array of Copper users in my company’s account (needed for things like assignment, ownership of records, etc.).

      id: Number
      name: String
      email: String

Works fine except that my email address gets replaced with the string "<<<REDACTED by Coda>>>".

My suspicion is that this is a side effect of a security feature related to Custom Auth. The Copper API requires two parameters in the request body: an API Key, and the email address of the account holder.

I think that Coda is trying to prevent me from snooping on these privileged credentials, by nuking anything anywhere that matches them… but in this situation, I think you can see why this is problematic :sweat_smile:

Am I right that this is the source of the problem? Perhaps the restrictions could be loosened such that things matching an email regex are allowed through, or something to that effect? Are there other things you can think of that might need similar special treatment, beyond email addresses?

1 Like

Whoops! Ya, you’re guess is right on the money, this redaction is done to keep user credentials safe, but I can see how it is a bit of a problem in this case. I’m not sure what path we can take to address it, but let me bring it up with the team.

1 Like

Thanks Eric. Don’t ask me why they felt an API key alone was insufficient, and require email to be passed as well. :man_shrugging:

But maybe there will be other situations like this that pop up (not sure what exactly… maybe an org’s domain or something like that?)