Best Practice for Securely Storing API Keys in body

Hey Make,

I read the exchange below but it seems no resolution was found. I am in the same situation. I have an API that requires the username / password to be in the body to retrieve a bearer token. As the linked states, I can put it in plain text in the body or use a scenario variable. Both are not secure.

What is the proper way for me to handle my keys? No, I cannot change the API.

Thanks

Contact the developers and tell them they have a shitty way of accepting passwords?

There is nothing you can do in Make. Anyone with access to the scenario will be able to see the password.

Hi @dexaL

The problem is that someone with access to your scenario would be able to copy the username/password and use it somewhere else.

The only guarantee you have with an API key is that it won’t be used outside of Make.com, since Make does not echo registered API keys.

As far as using it inside of Make, anyone with access to your scenario can add modules that exploit your API key to its full capabilities.

In this case, your best shot is to build an API proxy that only receives an API key you create, validates the key and forwards the exact request to the final API endpoint, injecting the username and password in the body. Then, store the API key in Make using the regular procedure.

You can even do it with Make. If you are on the Teams plan, you can create a team for yourself and add that proxy scenario, so it becomes “private”.

@damato
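A minimal sketch of the proxy described in the reply above, added here as an illustration (it is not code from the thread or from Make). It assumes the final API takes a JSON body with `username` and `password` fields and that the caller sends the proxy key in an `X-Api-Key` header; the header name, environment variable names and port are all assumptions.

```python
import hmac, json, os
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import request as urlreq, error as urlerr

# Assumed configuration names; the real secrets live only in the proxy's environment.
CFG = {k: os.environ.get(k, "") for k in
       ("PROXY_API_KEY", "UPSTREAM_URL", "UPSTREAM_USER", "UPSTREAM_PASS")}

def authorize_and_inject(headers, raw_body, cfg):
    """Return (status, body). Status 200 means body is ready to forward upstream."""
    expected = cfg["PROXY_API_KEY"]
    presented = headers.get("X-Api-Key") or ""
    # Constant-time comparison; an unset proxy key must never match anything.
    if not expected or not hmac.compare_digest(presented.encode(), expected.encode()):
        return 401, b'{"error": "unauthorized"}'
    try:
        payload = json.loads(raw_body or b"{}")
    except ValueError:
        payload = None
    if not isinstance(payload, dict):
        return 400, b'{"error": "body must be a JSON object"}'
    # Credentials supplied by the caller are overwritten, never trusted.
    payload.update(username=cfg["UPSTREAM_USER"], password=cfg["UPSTREAM_PASS"])
    return 200, json.dumps(payload).encode()

class Proxy(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        status, body = authorize_and_inject(self.headers, self.rfile.read(length), CFG)
        if status == 200:
            req = urlreq.Request(CFG["UPSTREAM_URL"], data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
            try:
                with urlreq.urlopen(req, timeout=10) as resp:
                    status, body = resp.status, resp.read()
            except urlerr.HTTPError as e:   # pass upstream error responses through
                status, body = e.code, e.read()
            except urlerr.URLError:
                status, body = 502, b'{"error": "upstream unreachable"}'
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Proxy).serve_forever()
```

The sketch binds to localhost and speaks plain HTTP, so it needs a TLS-terminating front end before Make can call it. The bearer token the final API returns still passes back to the scenario; only the username and password stay outside Make.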

Welcome to the Make community!

Maybe if you can provide a link to the service’s documentation, we can see if there is a workaround.

One way I can think of is to create your own Custom App.

Hope this helps! If you are still having trouble, please provide more details.

@samliew
P.S.: investing some effort into the tutorials in the Make Academy will save you lots of time and frustration using Make!