API hub configuration
In this guide, you'll learn to set environment variables in the API hub and access them in your extension handlers.
Configuring variables in API hub
You can provide your API hub extensions with credentials to connect to your backend services. To do so, you need to edit the
project.yml file in a directory you're not usually meant to touch:
<customer>_<project>/config/project.yml. In this file, you can edit the section
configuration and store arbitrary YAML content, which is then available to the
FrontasticContext in each extension point.
You'll break your API hub setup if you edit any other section in this file.
Accessing variables in extension handlers
You can access the specified variables through the
context property that's passed in as the second argument to your extension handlers. See the examples below to learn more.
Accessing secrets in frontend components
Sometimes you'd need the variables in the frontend components. For example, some client-side SDKs like Adyen need a client id to work. The API hub doesn't expose the variables directly to the frontend, but you can easily implement a data source to selectively expose the variables you need in a component.
The following example shows how you can expose the
adyen.clientID secret from the
project.yml to a frontend component.
- Create a data source to read the variable from
project.ymland return the variable.
- Upload the data source schema to the studio.
- Specify the data source in the Frontend component's schema that needs the Adyen client ID.
- Use the
adyenClientIdin the Frontend component.
This implementation keeps your application secrets safe by allowing you to granularly expose secrets to the components.
It's essential to expose as little as possible to avoid security issues. A good practice is creating separate data sources for each secret needed on the frontend.
The files are sourced in the following order and values are overwritten by later files:
So, if you have the same key-value pair specified in both
.dev one will be used.
Securing your project secrets
We've introduced a way to add another ansible-vault for encrypted project configurations. This vault should be just an encrypted version of the
project.yml with the necessary overwrites and should be named accordingly:
These files will then get decrypted on our servers to make them available there.
Creating the Ansible-Vault
In order to create a vault, you could follow the documentation of Ansible.
Basically, you'll need to run the following command on your shell inside the project's config directory:
We need to know your password to configure our servers properly. Don't reuse another password here!
Choose any new password you like and contact us using the Submit a ticket button (at the top of this page) so we can configure the servers properly to use the password you've used so that it gets decrypted on the production and staging machines.
Please don't forget to check the generated encrypted vault file in Git.
Editing the Ansible-Vault
You could edit the vault by running the following command:
After editing and once the changes are pushed into your master branch, please contact our Support team (using the Submit a ticket button) who will make sure these are applied to your production and/or staging servers.
For further details, see the Ansible documentation.