Hi Guys,
Scope is:
Client side able to add multiple store like store name and store api key and these stores are populate to client side in dropdown.
And the customer can choose any one of the populated store the relevant data to be loaded on the page.
Problem is;
The store credentials are stored in local and it can be directly access from client side and malicious user also able view.
So, how can we store these credentials in secure like Ex: __meta:{ secure: [‘api_key’]}
Thanks.
Do you mean this is happening during testing locally via fdk? If so, once testing is over, localstore file can be deleted.
Thanks for your response.
The problem is raised by code review team in freshworks because this app is going to deploy in marketplace.
Any installation params which are sensitive data should be marked as secure as mentioned at Code Review Guidelines. More information about secure iparams can be found at Installation Parameters
Quick question, it seems like you are using platform db to store the name and apiKey? Or is it Configuration page where you store the same data?
We suggest avoiding storing api key in datastorage as api key from db can be accessed from the frontend app using client.db.get which is a security violation.
Yeah we got the solution for to retrieve data as array from secure using SMI.
SMI using retrieve data from serverless.
Thank you.
This topic was automatically closed after 5 days. New replies are no longer allowed.