How to select data field API Access in Xano?

Anish GandhiAnish Gandhi
2 min read

Table of contents

On creation of the field, There are 3 API Access to choose from:

  1. Public

  2. Private

  3. Internal

As a beginner, you might wonder when to choose what, so let's understand them first

- Making API access public means this field is accessible to be used in any API

- Making API access private means this field will be hidden from the input section to configure it as a query parameter at the time of creating the API endpoint referencing the table consisting of this field. This field will not be hidden from the response of the database function which has access to it.

- Making API access internal means this field will be hidden from the input section to configure it as a query parameter at the time of creating the API endpoint referencing the table consisting of this field and will also be hidden from the response of the database function that has access to it.

Now let's understand this from practical use cases

Public Field Example (Username Field):

  • Suppose you have a User table with a username field that you want to be accessible via any API endpoint because it's non-sensitive information and can be publicly displayed. You would set the username field's API Access to public. This way, it can be included in any API response without restrictions.

Private Field Example (airtable_id Field):

  • Suppose you have an airtable_id field in a product table, which is used internally to synchronize data with Airtable. This ID is needed for internal operations but should not be exposed to the API's consumers directly. You could set the airtable_id field's API Access to private. This configuration hides it from the input section of the NO CODE API builder when creating CRUD API endpoints, but it will still be visible in the output unless you further restrict it through function logic or additional settings.

Internal Field Example (auth-token Field):

  • Consider an auth-token field within a user table used to store authentication tokens for user sessions. This information is sensitive and should neither be accessible for input nor visible in API responses by default. Setting the auth-token field's API Access to internal ensures it's hidden from the input section of the NO CODE API builder and also from the response of any Database Function that accesses it, safeguarding sensitive information.

    Help me write more content for you

Help me!

If you enjoyed this post and found it helpful, Kindly consider supporting my work by buying me a coffee! Your support helps me create more valuable content and continue sharing useful resources. Thank you!

0
Subscribe to my newsletter

Read articles from Anish Gandhi directly inside your inbox. Subscribe to the newsletter, and don't miss out.

XANOnocodeNo Code no-code platformno code developmentapiAPI access

Written by

Anish Gandhi
Anish Gandhi

✔️ Certified Bubble.io Developer with 2+ Years of experience in creating scalable responsive web applications. ✔️ Top Rated Plus Upwork Freelancer ✔️ Canvas framework expert