Application Id: D3AEFCC3-94AD-4944-9AF0-C474EE2AD285
I’ve set up a third party API call from codeless (shown above) and it works great but the API key is currently hard-coded into it which isn’t the best security practice.
There seems to be an option to store custom 3rd party keys under ‘Management’ in the Backendless console but I have no idea how to reference that from the codeless block. Can you please explain how to use that feature or direct me to any documentation I’ve missed? Thanks!
Currently, API keys stored in Management → 3rd Party Integrations cannot be accessed from UI Builder / Codeless blocks. There is no built-in way to reference those keys in a Codeless.
Possible options:
Option 1 (workaround):
You can fetch the integration data via an API call using a Backendless Claude Code API key:
GET https://api.backendless.com/:appId/:apiKey/integrations/:name
(where name is NumCheckr in your case).
Option 2 (recommended):
Add the API key to UI Builder settings and retrieve it using a Codeless block (as shown in the screenshots). This is the simplest and most reliable approach.
Let us know if you need help setting this up.
Regards,
Sergey
Unfortunately neither approach seems like a solution because in the former I’d be hardcoding my backendless api key into the server side code instead. My understanding is that should be treated as sensitive data as well so the issue is the same. The second approach seems to be restricted to the UI builder. Does it have an equivalent for API services?
Sorry for the earlier confusion regarding Codeless.
The correct and secure approach is to use an API Service. You can create a method (for example, check-number) and safely hardcode the third-party API key inside that method. Since API Services run on the server side, the key is never exposed externally. From the frontend, you simply call this API Service method without passing any API keys, which keeps the flow secure.
I agree with your point regarding key management. At the moment, the missing piece is the ability for API Services to access Third Party API Keys stored in the Backendless console. While this storage exists, there is currently no way to reference those keys from API Services, as this functionality has not been implemented yet.
Regards,
Sergey
I’ll look into a service then. Thanks for the help.
And one more thing,
For cleaner and more proper reuse specifically in API services, you can use configs and treat them as reusable blocks.
Regards,
Sergey
Just putting this note here in case anyone else goes down the same rabit-hole after reading online that hard-coding, even server side is an insecure practice. The full story is that’s more due to the risk of accidental leaks sharing the code on github which isn’t an issue here. I think what you’ve recommended, as well as making the code neater, also means the API key is an environmental variable which is better practice too. Thanks again for the assistance, Sergey.
