How to select data field API Access in Xano?

Difference between Public, Private, and Internal API access types in Xano

When you create a field, there are 3 API Access options to choose from:

1) Public
2) Private
3) Internal

As a beginner, you might wonder when to choose which, so let's understand them first.

- Making API access public means this field can be used in any API.

- Making API access private means this field is hidden from the input section where you would configure it as a query parameter when creating an API endpoint that references the table containing this field. The field is not hidden from the response of a database function that has access to it.

- Making API access internal means this field is hidden from the input section where you would configure it as a query parameter when creating an API endpoint that references the table containing this field, and it is also hidden from the response of a database function that has access to it.

Now let's understand this through practical use cases:

Public Field Example (Username Field):

  • Suppose you have a User table with a username field that you want to be accessible via any API endpoint because it's non-sensitive information and can be publicly displayed. You would set the username field's API Access to public. This way, it can be included in any API response without restrictions.

Private Field Example (airtable_id Field):

  • Suppose you have an airtable_id field in a product table, which is used internally to synchronize data with Airtable. This ID is needed for internal operations but should not be exposed to the API's consumers directly. You could set the airtable_id field's API Access to private. This configuration hides it from the input section of the no-code API builder when creating CRUD API endpoints, but it will still be visible in the output unless you further restrict it through function logic or additional settings.

Internal Field Example (auth-token Field):

  • Consider an auth-token field within a user table used to store authentication tokens for user sessions. This information is sensitive and should neither be accessible for input nor visible in API responses by default. Setting the auth-token field's API Access to internal ensures it is hidden from the input section of the no-code API builder and also from the response of any Database Function that accesses it, safeguarding sensitive information.
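
The three rules above can be modelled in a few lines to review a table design before building endpoints. This is an added example, not Xano's own code: it is a model of the behaviour described on this page, and the schema, the sample record and the sensitive-name pattern are constructed assumptions.

```python
import re

# Visibility rules as this page describes them (a model, not Xano's implementation).
RULES = {
    "public":   {"input": True,  "output": True},
    "private":  {"input": False, "output": True},
    "internal": {"input": False, "output": False},
}

# Constructed schema using the page's three example fields.
SCHEMA = {
    "username": "public",
    "airtable_id": "private",
    "auth-token": "internal",
}

# Constructed sample record; values are placeholders.
SAMPLE_RECORD = {
    "username": "ada",
    "airtable_id": "rec-constructed-1",
    "auth-token": "constructed-token-value",
}

# Assumed naming heuristic for fields that should never reach an API consumer.
SENSITIVE = re.compile(r"(token|secret|password|hash|api[_-]?key)", re.I)


def allowed_inputs(schema):
    """Fields that may be offered as endpoint inputs."""
    return sorted(f for f, access in schema.items() if RULES[access]["input"])


def shape_response(schema, record):
    """Keep only fields whose access level makes them visible in output."""
    return {k: v for k, v in record.items()
            if k in schema and RULES[schema[k]]["output"]}


def audit(schema):
    """Flag sensitive-looking fields whose access level still lets them reach output."""
    return sorted(f for f, access in schema.items()
                  if SENSITIVE.search(f) and RULES[access]["output"])


if __name__ == "__main__":
    print("inputs:  ", allowed_inputs(SCHEMA))
    print("response:", shape_response(SCHEMA, SAMPLE_RECORD))
    print("audit:   ", audit({**SCHEMA, "reset_token": "private"}))
```

The modelled response still carries airtable_id, which matches the private-field example: private only hides a field from inputs, so anything that must stay out of responses needs internal access or explicit removal in the function logic.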
