Hello Retool community,
I am trying to add auth for my REST API resources, I want to use API key for that, but I would like to have one API key for each Retool user.
I have tried user metadata but it's not encrypted.
How can I do that?
Hi @qinfeng,
So, the way I would approach this is with Dynamic resources, you can find a useful article on this here (kudos to @retoolers ).
This means though, that you will need to create a resource for each user, which may not be a scalable solution, but will work for a small sized team.
Let me know if you need additional info on top of what is explained in the article.
Best,
Miguel
1 Like
Thanks Miguel, that might work but as you said it's not scalable.
It sounds like one of your requirements is that this key not be viewable client side - is that right? One option is to create a distinct configuration variable for each of your users. These can be marked as secret, meaning their values are only made available server side.
The other possibility that came to mind - but that is admittedly roundabout - is to store all of these API keys elsewhere and then fetch the appropriate key for the current_user via an API request defined in a custom auth pattern.