Comments (10)
Thanks @n-johnson. I'm just wondering why the API doesn't support a client credential for apps? This is common amongst other APIs. Will it be available in the future?
from js-webflow-api.
?
from js-webflow-api.
Currently, the Webflow API only supports authenticated access, which means using the API from the browser would require your secret access token (should be considered to be equivalent to your password) to be shared publically. This would give anybody the ability to update all of your CMS content.
So while updating this npm module to have browser support solves part of the problem, the bigger issue here is what the API itself actually supports. For now, the best way to accomplish what it sounds like you are trying to do is by making the requests to the webflow api from a backend server where your API keys don't have to be publically exposed. Sorry there isn't currently another option as I know you were trying to avoid that :/
from js-webflow-api.
I'm just wondering why the API doesn't support a client credential for apps?
Can you explain how this would work? Where are the API credentials coming from, and who has access to them?
I'm not sure if Client Credentials would do quite what you were hoping here - if some form of it were to be used in this manner, it still would be publically exposing API keys that would allow anyone to modify your site.
I think it's important to have this functionality as it improves the client-side experience. For example, if I want to implement an infinite scroll section that fetches new data from the API, ideally I should be able to do that from the client-side.
I think an unauthenticated, public, read-only API may be what you are wanting? We don't currently have support for this, but I can add it to our feature wishlist?
from js-webflow-api.
I think it's important to have this functionality as it improves the client-side experience. For example, if I want to implement an infinite scroll section that fetches new data from the API, ideally I should be able to do that from the client-side.
from js-webflow-api.
from js-webflow-api.
Hi @n-johnson ,
Would it not be possible to have that feature with user login. Then we'll be able to use authentification token to request the API like JWT.
Is it something you have in mind?
also do you have a public roadmap for the API?
from js-webflow-api.
I've been working on something that implements AlpineJS with Webflow in hopes to get around a lot of the limitations. Such as nested collections limiting to 5 or only having 1 per page. It's API driven and at the moment it has to ping to my server to do a PHP curl then return the result. Having the fetch an API that then fetches an API isn't the most performant.
Eliminating the middle man will be much preferred. There are plenty of platforms you expose the API key, TinyMCE, Snipcart, Shopify. Being able to access the API let's us do things like front-end forms that populate the CMS, it really steps up Webflow for developers that may otherwise turn away because of the limitations.
A lot of these work by doing trusted URL's. This prevents anyone using it outside of the URL's that are trusted, this could be set in the API key area. You could even default trusted URL's that are on the Webflow Project.
I understand it's too long in the tooth now to just implement something like this without breaking current integrations. This is why you'll need a new area to generate and use a front-end API key like Shopify does their Storefront API key.
from js-webflow-api.
I'm just wondering why the API doesn't support a client credential for apps?
Can you explain how this would work? Where are the API credentials coming from, and who has access to them?
I'm not sure if Client Credentials would do quite what you were hoping here - if some form of it were to be used in this manner, it still would be publically exposing API keys that would allow anyone to modify your site.
I think it's important to have this functionality as it improves the client-side experience. For example, if I want to implement an infinite scroll section that fetches new data from the API, ideally I should be able to do that from the client-side.
I think an unauthenticated, public, read-only API may be what you are wanting? We don't currently have support for this, but I can add it to our feature wishlist?
A client side read-only api would be extremely nice to have
from js-webflow-api.
Hey Folks 👋
Firstly, I apologize this issue hasn't received an "official" response in years - we will do better here 🙇
Is it something you have in mind?
With regard to a Client API, it's not in our immediate roadmap to build, but I have just resurfaced the request and use-cases it unlocks to our product team to reconsider. 🤞
With this mixed news, I'm going to close this issue, but you're welcome to continue the discussions in our forums.
also do you have a public roadmap for the API?
Finally, we are working on a better way to keep developers informed on what's cooking on the Webflow side, so stay tuned for that!
Thank you and happy coding!
from js-webflow-api.
Related Issues (20)
- Cannot find module './core' in webflow-api/dist/index.js - v1.3.0 HOT 6
- Authorization using auth0 : Add a support for openid in the allowed scope .
- Beta flag not typed? HOT 2
- API Issue: Date/Time is not a valid format. HOT 2
- Update Token does not set underlying axios auth HOT 1
- How to get option field as string (v2)?
- Not able to update fields
- TypeError: res.data.map is not a function HOT 2
- Configuration default host HOT 3
- Configuration params HOT 3
- CloudQuery Plugin? HOT 1
- 🐛 issue with authorizeUrl method HOT 3
- Typescript / Jest Compatibility Issues HOT 22
- README updateItem Call is Wrong HOT 4
- Add live to Create and Update Methods (or add it to the README.md) HOT 1
- Pagination data missing HOT 1
- RichText fields don't return Embedded content HOT 2
- API returning different name for fields HOT 2
- `webflow.updateItem(...)` method inconsistent with other methods HOT 1
- Generic `Item` response types
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from js-webflow-api.