API keys while consuming REST services

Hi all, I have a very simple situation. In my project, I make REST calls to an external website. This website provides API key and a secret key for authentication of requests. How do I use the keys given by the external website, without having to save them in my domain model(and use the entity’s attribute) in the REST call? Any way to pick from the file provided by the website(the keys are to be downloaded per-user basis in a csv format)? Thank you in advance. - Kamala
2 answers

Your request is conflicting, you don't want it to save it in your domain model but you want to use it as an entity's attribute, how?

Assuming that you just want to use it in your REST operations, you can simply make a Constant for your app key, secret key, which is a static per environment and need a restart to effect a change. AND you can use it in your REST operation by looking with a "@" (instead of a $) or in another entity by copying it or so.

Yes, you can also pick the keys from a file downloaded, something like;

1 - download the csv file from link by a java action in community commons like storeURLToFileDocument

2 – then you can map the CSV  contents with a app store module like https://appstore.home.mendix.com/link/app/429/

(or you can try to make a string from the file, which probably can read without using the app store module, but again you have to map it still to your mx objects)

3 – use the generated object from CSV mapping as input for your REST operation


Why not encrypt all those keys? Yes, a developer working with production database can see those keys if the person sets a breakpoint. But if a non trusted person is able to do that you have a bigger problem.