Coming soon
This feature will be available at the end of October.
This article explains how to POST a token to grant temporary access to data or schema in Quickbase in both formula - URL fields and formula - rich text fields.
When to POST a temporary token
For most people who use Quickbase, it is only one part of an entire ecosystem that helps run operations. Quickbase offers many ways to integrate and connect to other platforms and services, including built-in connectors and APIs.
Many people also build custom integrations or work with Quickbase Solution Providers to build integrations. These custom integrations or tools often combine server-side and client side technologies. Custom tools or integrations usually need access to data and/or schema to complete their process. To grant access, you could store a static token. However, this adds risk. It also means the API calls would be on behalf of whoever stored the token.
Quickbase provides a way to minimize risk by allowing you to set up and POST temporary tokens from a Quickbase field. Temporary tokens don’t need to be stored, and they enable the tool to operate on behalf of the user who initiated the request.
How to POST a temporary token
Formula - URL fields and formula - rich text fields can be used to create buttons or links. Add a property to either one of these field types to POST a temporary token.
If you have set the field to add a temporary token, then Quickbase POSTs the token when a user clicks on the button or link. You can POST a temporary token from any place where the field renders as a link or button like forms, reports, and dashboards. It also works when embedded as an iframe on a form.
When the link is clicked, the temporary token is included in the request body. The custom tool/integration receives a body parameter named TempToken with the token value.
Formula - URL field: set up temporary tokens
Navigate to the field properties for the formula - URL field.
Configure the formula with the URL.
Find the Token property in the Display section and select the POST temporary token check box.
Formula - rich text field: set up temporary tokens
Format the link to POST a temporary token from a formula - rich text field:
POSTTempTokenis a CSS class that tells Quickbase to generate the temporary token and POST the link.data-tempTokenDBIDis an attribute that sets the table context for the token.
Example:
"<a class ='Vibrant Success OpenAsPopup POSTTempToken'
data-tempTokenDBID='" & Dbid() & "'
href='" & $url & "'>Run plugin</a>"Token behavior and limits
Temporary tokens can only be used with the RESTful APIs.
The token is the same temporary token described in our API documentation.
The token has the same permissions as the user who clicks the button or link. It cannot grant more access than the user already has. This means that when a button or link is clicked, the tool or integration can temporarily access the same data/schema that the user can access.
The token is only POSTed to the first URL you specify. If that page redirects, Quickbase does not forward the token.
In cases where you want to pass the token beyond the first URL, you can create a code page. See an example in the Quickbase Community.
The token expires 5 minutes after it is issued.
The token is not added to the URL, so it doesn’t display in logs.
Open target choices (same page, new window, pop up) still apply.
When Quickbase POSTs a temporary token, the target site loads in a web view in the Quickbase mobile app. This is different from how target choices are normally handled on mobile. Learn more about the typical behavior in form field types and components on mobile.
When set up in formula - URL fields, the token can only grant access to the data in the table where the field that generated it is located.
If set up in a formula - rich text field, you can use the
data-tempTokenDBIDattribute to specify any table in your app.