I’m confused by a few things I am hoping someone can shine some light on for me.
I’ve seen the usage of your Airtable API key, amongst others, strongly discouraged in the custom code block. This makes sense to me.
What I don’t understand is why Atom Chat is then called a “great solution” by softr, when Atom Chat requires you to paste your auth. creds. into the custom code block? (See Atom Chat’s documentation below)
NOTE:
Please replace the "APP_ID" and "AUTH_KEY" values in the code with your own Keys from your AtomChat Admin Panel -> API Keys
<script>
var chat_appid = 'APP_ID';
var chat_auth = 'AUTH_KEY';
var chat_id = window['logged_in_user']['airtable_record_id'];
var chat_name = window['logged_in_user'][' YOUR AIRTABLE FIELD NAME for USERNAME'];
var chat_avatar = window['logged_in_user']['YOUR AIRTABLE FIELD NAME for PROFILE PICTURE'];
var chat_role = window['logged_in_user']['YOUR AIRTABLE FIELD NAME FOR USER ROLE'];
var chat_email = window['logged_in_user']['YOUR AIRTABLE FIELD NAME FOR EMAIL'];
</script>
...
NOTE: Please replace the "AIRTABLE FIELD NAME for USERNAME" with your Airtable username column and AIRTABLE FIELD NAME for PROFILE PICTURE' with your Airtable profile picture/Avatar column.
It seems as though we are exposing quite a bit, providing an attack vector against our users chat conversations, and at the recommendation of softr.
Furthermore, I am also confused as to why we are discouraged from integrating with Airtable in a custom code block, seeing as Softr must be storing or API key as an environmental variable – which seems easy enough to allow us to safely call in our script.
Even if the functionality for us to store .env variables for other services API Keys isn’t offered (yet), why can we not access the one that already does exist? And why, in the same breath, would Softr recommend Atom Chat?
What am I missing here?
TIA for helping me wrap my mind around this.