Hello Retool community,
I am trying to add auth for my REST API resources, I want to use API key for that, but I would like to have one API key for each Retool user.
I have tried user metadata but it's not encrypted.
How can I do that?
Hi @qinfeng,
So, the way I would approach this is with Dynamic resources, you can find a useful article on this here (kudos to @retoolers ).
This means though, that you will need to create a resource for each user, which may not be a scalable solution, but will work for a small sized team.
Let me know if you need additional info on top of what is explained in the article.
Best,
Miguel
Thanks Miguel, that might work but as you said it's not scalable.
It sounds like one of your requirements is that this key not be viewable client side - is that right? One option is to create a distinct configuration variable for each of your users. These can be marked as secret, meaning their values are only made available server side.
The other possibility that came to mind - but that is admittedly roundabout - is to store all of these API keys elsewhere and then fetch the appropriate key for the current_user via an API request defined in a custom auth pattern.