Forum Discussion

octavian_krody's avatar
3 years ago

Where to store 3rd party api secrets for use in freemarker?

We need to make a 3rd party API call to retrieve some content to display, and from the docs we cannot tell where we should store these credentials.

One post suggests adding them as a variable inside a macro, but that doesn't seem secure.

Another post shows us how to read admin config options dynamically (Getting settings) but it did not show how to add custom entries. Is this even possible? and if so how?

Any advice on this? Maybe we are going about it the wrong way.
Thank you

  • Depending on how many folks have access to Studio and whether or not they're in your circle of trust, you can set up a "global variables" macro to store global variables that can be used in any other macro.  This will allow you to have the credentials stored just once rather than in multiple macros/components/etc.

    For example, we have a macro called custom.macro.common.variables.ftl where we store our global variables in code similar to the following:

     

    <#-- Define third-party API credentials -->
    <#global API_CLIENT_ID = 'something' />
    <#global API_CLIENT_SECRET = 'somethingelse' />

     

    (We use the all caps snake case naming convention for our global variables to differentiate them from other variables, essentially treating them as constants.)

    Then we use the #include directive to import it into our "common utilities" macro (custom.macro.common.utils.ftl) which we import in all of our components and other macros.

     

    <#-- Include global variables -->
    <#include 'custom.macro.common.variables' />

     

    Then we're able to reference the global variables as needed in whatever component/macro/function we need.  For example:

     

    <#-- Import dependencies -->
    <#import 'custom.macro.common.utils' as commonUtils />
    
    <#-- Create a macro to do stuff with the third-party API -->
    <#macro doApiStuff clientId clientSecret>
      <#-- Do cool stuff here -->
    </#macro>
    
    <#-- Call the macro -->
    <@doApiStuff API_CLIENT_ID API_CLIENT_SECRET />

     

     

    Hope this helps.

3 Replies

  • MattV's avatar
    MattV
    Khoros Staff
    3 years ago

    I think support may be able to create a custom settings entry in admin for you under the Settings List Editor (in System tab).

    However, you'd have to be pretty specific about the specifications of the setting, e.g. input type (text), input format (string), min/max character length, where this setting should appear in community structure (community and/or category and/or board), and any special rules if any to use for validation (e.g. shouldn't contain anything that looks like HTML).

    Otherwise, if you have an engagement with Professional Services we can do it for you as well.

  • Depending on how many folks have access to Studio and whether or not they're in your circle of trust, you can set up a "global variables" macro to store global variables that can be used in any other macro.  This will allow you to have the credentials stored just once rather than in multiple macros/components/etc.

    For example, we have a macro called custom.macro.common.variables.ftl where we store our global variables in code similar to the following:

     

    <#-- Define third-party API credentials -->
    <#global API_CLIENT_ID = 'something' />
    <#global API_CLIENT_SECRET = 'somethingelse' />

     

    (We use the all caps snake case naming convention for our global variables to differentiate them from other variables, essentially treating them as constants.)

    Then we use the #include directive to import it into our "common utilities" macro (custom.macro.common.utils.ftl) which we import in all of our components and other macros.

     

    <#-- Include global variables -->
    <#include 'custom.macro.common.variables' />

     

    Then we're able to reference the global variables as needed in whatever component/macro/function we need.  For example:

     

    <#-- Import dependencies -->
    <#import 'custom.macro.common.utils' as commonUtils />
    
    <#-- Create a macro to do stuff with the third-party API -->
    <#macro doApiStuff clientId clientSecret>
      <#-- Do cool stuff here -->
    </#macro>
    
    <#-- Call the macro -->
    <@doApiStuff API_CLIENT_ID API_CLIENT_SECRET />

     

     

    Hope this helps.

  • jeffshurtliff MattV 
    Thank you!
    We'll go for macros for now as we don't know exactly where the options are needed under what scope, but it's good to know that it is an option we can pick up after things settle into place.