At Agile Dynamics we have developed a 3-Tier Architecture for our client’s automations that addresses these issues.
Tier-1: “FRONT-END”; a published play-mode document for external users (not logged-in)
Tier-2: “BACK-END”; the Business Logic tier - regular coda documents for internal users
Tier-3: “SECURE STORAGE”; cross-doc tables document to keep private data secure
Tier-1: FRONT-END
This is a published play-mode document that external users use to input/update their orders, requests, details etc. Because its play-only, they cant mess with any of the hidden stuff (unless they are advanced hackers). This document gathers their inputs and changes and sends it to the Tier-2 BACK-END document when they hit the submit button. We use a webhook to send their data. For many automations we need to verify the user’s identity, so we ask them to provide a username and password. We use a secure mechanism to keep the usernames and passwords in an encrypted form - and we hide the password cell when the user is entering it (I will make a separate post on that). The URL for this front-end doc can be safely sent to our external users, or linked-to in our websites etc. We have also made special mobile-only versions (with a more limited UI of course).
Tier-2: BACK-END
This is a regular Coda document that our internal users will use. So they have access to the workspace and must login to coda.
We have hidden pages and hidden tables but most of the business logic is built using standard Coda techniques. We use Dialog modals for most things. We have buttons to open these and other buttons to process the logic. We use some simple tricks to keep the hidden tables from turning up in searches (see below). But ultimately we must trust our team not to mess with the documents internals. We use cross-doc tables to keep private data secured.
Tier-3: SECURE STORAGE
This is a Coda document that contains only cross-doc tables for the most private data.
These are cross-doc’ed to the Tier-1 and Tier-2 documents as needed. Cross doc tables are not very performant, so we only use this for the private and secret data. We use 1-way and/or 2-way cross-doc tables as the case requires.
The way to keep your hidden tables hidden from the search feature is (as was posted earlier)…
- make the default table have all columns hidden
- set the display-column to a blank value (empty column)
This 3-Tier Architecture is a work-in-progress at the moment as we roll it out for new automations. So far it has been successful, and in 2025 we will start to migrate our older automations to this architecture.
If you think it would be useful, like or reply to this and I will create a video illustrating how it works.
Max