Redacting email of account holder (related to custom auth?)

Getting a weird thing with my Copper CRM pack. I can hit the API to return an array of Copper users in my company’s account (needed for things like assignment, ownership of records, etc.).

      id: Number
      name: String
      email: String

Works fine except that my email address gets replaced with the string "<<<REDACTED by Coda>>>".

My suspicion is that this is a side effect of a security feature related to Custom Auth. The Copper API requires two parameters in the request body: an API Key, and the email address of the account holder.

I think that Coda is trying to prevent me from snooping on these privileged credentials, by nuking anything anywhere that matches them… but in this situation, I think you can see why this is problematic :sweat_smile:

Am I right that this is the source of the problem? Perhaps the restrictions could be loosened such that things matching an email regex are allowed through, or something to that effect? Are there other things you can think of that might need similar special treatment, beyond email addresses?

1 Like

Whoops! Ya, you’re guess is right on the money, this redaction is done to keep user credentials safe, but I can see how it is a bit of a problem in this case. I’m not sure what path we can take to address it, but let me bring it up with the team.

1 Like

Thanks Eric. Don’t ask me why they felt an API key alone was insufficient, and require email to be passed as well. :man_shrugging:

But maybe there will be other situations like this that pop up (not sure what exactly… maybe an org’s domain or something like that?)

Hi Nick,

Just wanted to follow-up and say this should be fixed now. Let us know if you still have issues!

1 Like

Amazing, much appreciated @SpencerChang !

I was worried my issue might be too niche but I’m glad you were able to adjust. What did you end up changing? Email-regex-matching secrets get let through the redaction filter? Or are the details top-secret? :wink:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.