Where to store 3rd party api secrets for use in freemarker?
We need to make a 3rd party API call to retrieve some content to display, and from the docs we cannot tell where we should store these credentials.
One post suggests adding them as a variable inside a macro, but that doesn't seem secure.
Another post shows us how to read admin config options dynamically (Getting settings) but it did not show how to add custom entries. Is this even possible? and if so how?
Any advice on this? Maybe we are going about it the wrong way.
Thank you
Depending on how many folks have access to Studio and whether or not they're in your circle of trust, you can set up a "global variables" macro to store global variables that can be used in any other macro. This will allow you to have the credentials stored just once rather than in multiple macros/components/etc.
For example, we have a macro called custom.macro.common.variables.ftl where we store our global variables in code similar to the following:
<#-- Define third-party API credentials --> <#global API_CLIENT_ID = 'something' /> <#global API_CLIENT_SECRET = 'somethingelse' />
(We use the all caps snake case naming convention for our global variables to differentiate them from other variables, essentially treating them as constants.)
Then we use the #include directive to import it into our "common utilities" macro (custom.macro.common.utils.ftl) which we import in all of our components and other macros.
<#-- Include global variables --> <#include 'custom.macro.common.variables' />
Then we're able to reference the global variables as needed in whatever component/macro/function we need. For example:
<#-- Import dependencies --> <#import 'custom.macro.common.utils' as commonUtils /> <#-- Create a macro to do stuff with the third-party API --> <#macro doApiStuff clientId clientSecret> <#-- Do cool stuff here --> </#macro> <#-- Call the macro --> <@doApiStuff API_CLIENT_ID API_CLIENT_SECRET />
Hope this helps.