Redacting email of account holder (related to custom auth?)

Getting a weird thing with my Copper CRM pack. I can hit the API to return an array of Copper users in my company’s account (needed for things like assignment, ownership of records, etc.).

[
  {
    id: Number,
    name: String,
    email: String
  },
  ...
]

Works fine except that my email address gets replaced with the string "<<<REDACTED by Coda>>>".

My suspicion is that this is a side effect of a security feature related to Custom Auth. The Copper API requires two parameters in the request body: an API Key, and the email address of the account holder.

I think that Coda is trying to prevent me from snooping on these privileged credentials, by nuking anything anywhere that matches them… but in this situation, I think you can see why this is problematic :sweat_smile:

Am I right that this is the source of the problem? Perhaps the restrictions could be loosened such that things matching an email regex are allowed through, or something to that effect? Are there other things you can think of that might need similar special treatment, beyond email addresses?

Whoops! Ya, your guess is right on the money, this redaction is done to keep user credentials safe, but I can see how it is a bit of a problem in this case. I’m not sure what path we can take to address it, but let me bring it up with the team.

Thanks Eric. Don’t ask me why they felt an API key alone was insufficient, and require email to be passed as well. :man_shrugging:

But maybe there will be other situations like this that pop up (not sure what exactly… maybe an org’s domain or something like that?)

Hi Nick,

Just wanted to follow up and say this should be fixed now. Let us know if you still have issues!

Amazing, much appreciated @SpencerChang !

I was worried my issue might be too niche but I’m glad you were able to adjust. What did you end up changing? Email-regex-matching secrets get let through the redaction filter? Or are the details top-secret? :wink:
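
As an added illustration (not part of the original thread and not Coda's implementation), the sketch below reproduces the value-based redaction described in the first post and contrasts it with one possible narrowing in which only parameters marked secret are masked. The function names, the `secret` flag and all sample values are assumptions constructed for the example.

```javascript
// Added illustration; not Coda's code. All names and values are constructed.
const MARKER = "<<<REDACTED by Coda>>>";

// Replace every literal occurrence of each listed credential value.
function redact(text, values) {
  let out = text;
  for (const v of values) {
    if (v) out = out.split(v).join(MARKER);
  }
  return out;
}

// Naive policy: every custom-auth parameter is treated as a secret.
function redactAll(text, params) {
  return redact(text, params.map((p) => p.value));
}

// Narrower policy (assumption): only parameters flagged secret are masked,
// so an identifier such as the account email survives in response data.
function redactSecretsOnly(text, params) {
  return redact(text, params.filter((p) => p.secret).map((p) => p.value));
}

// Constructed custom-auth parameters for a Copper-style API.
const authParams = [
  { name: "apiKey", value: "k-3f9a1c7e-constructed", secret: true },
  { name: "email", value: "nick@example.com", secret: false },
];

// Constructed response: a user list plus a debug string that echoes the key.
const response = JSON.stringify({
  users: [
    { id: 1, name: "Nick", email: "nick@example.com" },
    { id: 2, name: "Dana", email: "dana@example.com" },
  ],
  debug: "auth ok for key k-3f9a1c7e-constructed",
});

// Run both policies over the same response and return the parsed results.
function demo() {
  return {
    naive: JSON.parse(redactAll(response, authParams)),
    narrowed: JSON.parse(redactSecretsOnly(response, authParams)),
  };
}

console.log(demo());
```

Under the narrowed policy the account email becomes visible to pack code, so the non-secret flag suits only values that cannot authenticate on their own.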
