Client Secret Request
If you are using 3rd party API's that requires a client secret, you can use clientSecretRequest()
to make a secure POST
or GET
request to your 3rd party API's.
First you need to save your client secret key in your Client Secret page.
Navigate to the Client Secret Key page from your service page.
Click on the Register Client Secret Key button to add a new client secret key.
You can add a new client secret key by providing a name for the key and the client secret key value.
The checkbox indicates whether the key is public or private. The Name
field is the name of the key that you will use when defining the clientSecretName
parameter in the clientSecretRequest()
method. The $CLIENT_SECRET
field is the value that you will use as a placeholder in the data
, params
, or headers
or url
parameter of the clientSecretRequest()
method.
From the list of client secret keys, you can see the security settings, the name, and the masked client secret of your keys.
TIP
The access setting of the client secret key can be set to either public or private.
private means that only the users that are logged in can have access to your 3rd party api, while public means anybody can have access to your 3rd party api. private keys are indicated with a check mark in the column with the lock icon.
Once the client secret key is saved, you can use the clientSecretRequest()
method below to make secure requests to your 3rd party API's.
The list parameters of params
of the method is shown as below:
url
: A string representing the URL of your 3rd party API.clientSecretName
: A string representing the key name of the client secret key you may have saved in your service dashboard.method
: A string representing the method of the request. It can be either "GET" or "POST".headers
: An object representing the headers of the request.data
: An object representing the data to be sent to your 3rd party API. It is only used whenmethod
is "POST".params
: An object representing the query string parameters of the request. It is only used whenmethod
is "GET".
For more detailed information on all the parameters and options available with the clientSecretRequest()
method, please refer to the API Reference below:
clientSecretRequest(params): Promise<any>
WARNING
When using clientSecretRequest()
, you must include the $CLIENT_SECRET
placeholder string in the data
or params
or headers
or url
parameter value.
Example: Making a secure request to OpenAI API image generator.
As an example, we will be using the OpenAI API image generator from Skapi.
We will referencing the OpenAI API documentation to understand how to make secure requests to the API.
Prerequisites
- Create an OpenAI account and get your API secret key from here.
- Save your OpenAI API secret key in your service dashboard. For more information on how to save the client secret key, see Client Secret Key. For this example save your OpenAI API key in the key name
openai
. We will use this key name when making the secure request to the OpenAI API.
Understanding the API call
In the API documentation, we can see that the API call is made as follows:
POST https://api.openai.com/v1/images/generations
This means the API call should be made using the POST
method to the https://api.openai.com/v1/images/generations
URL.
Next, you will see curl example of the API call:
curl https://api.openai.com/v1/images/generations \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $OPENAI_API_KEY" \
-d '{
"model": "dall-e-3",
"prompt": "A cute baby sea otter",
"n": 1,
"size": "1024x1024"
}'
This means the API call to https://api.openai.com/v1/images/generations
should be made with a header
with Content-Type
to application/json
and Authorization
to Bearer $OPENAI_API_KEY
. And the post data should contain properties like model
, prompt
, n
, and size
.
The $OPENAI_API_KEY
is the API secret key that you have obtained from the OpenAI website. And it is meant to be replaced with your API secret key.
Since we cannot expose the API secret key in the frontend, we will be using the clientSecretRequest()
method to make a secure request to the OpenAI API:
<form onsubmit="skapi.clientSecretRequest(event).then(r=>console.log(r))">
<input name="clientSecretName" hidden value="openai">
<input name="url" hidden value="https://api.openai.com/v1/images/generations">
<input name="method" hidden value="POST">
<input name="headers[Content-Type]" hidden value='application/json'>
<input name="headers[Authorization]" hidden value="Bearer $CLIENT_SECRET">
<input name="data[model]" hidden value="dall-e-3">
<input name="data[n]" hidden type='number' value="1">
<input name="data[size]" hidden value="1024x1024">
<textarea name='data[prompt]' placeholder="Describe an image" required></textarea>
<input type="submit" value="Generate">
</form>
skapi.clientSecretRequest({
clientSecretName: 'openai',
url: 'https://api.openai.com/v1/images/generations',
method: 'POST',
headers: {
'Content-Type': 'application/json',
Authorization: 'Bearer $CLIENT_SECRET'
},
data: {
model: "dall-e-3",
"prompt": "A cute baby sea otter",
n: 1,
size: "1024x1024"
}
})
The example above shows how we can compose the request headers and data to make a secure request to the OpenAI API. Note that we have used the $CLIENT_SECRET
placeholder string in the Authorization
header value, and we have set clientSecretName
to openai
which is the key name that you may have saved your OpenAI API key in the service dashboard.
When the request is made, Skapi will replace the placeholder string with the client secret key that you have saved in your service dashboard, and return the response from the OpenAI API.