Experimental Code Column uses Java script - Would it work with Python script?!

In order to get a token that would allow me to use JSON to get data, an application is requiring me to run some script in order to get a token that is specific to my account. The forum helpfully provides step by step instructions for the code required to generate the token.

I was pleased to see that Glide offers the option to run custom scripts via the ‘experimental code column’. However, the help documentation talks about running Java script. Does it matter what the code language is? Would it be ok if the code is Python? Or do I have to convert the code into Python and save it somewhere first?

Apologies if this sounds illogical or obvious, I’m new to scripting.

This is the forum:
https://developer.exist.io/guide/read_client/#getting-a-token

Update: I asked GPT and it gave me this advice… it helpfully converted the Python code into Jave. I guess I will try it:

Update: I tried this column in Glide. However, I don’t see anything appearing in the column - any thoughts why this doesn’t work?

Obviously I have 2 other columns in the Glide Table that define p1 and p2 for Username and Password, respectively.

Am I supposed to somehow activate this script using a button in the layout or should it (as I expected) simply update the column cells as soon as I save the column? It just remains empty. I’m certain the username and password are correct!

Three things:

  1. You are not calling the function. It’s there but nothing calls it. That was the purpose getToken(); in your code from chatGPT.
  2. You are not passing the parameters into your code. I don’t see p1 or p2 used anywhere.
  3. You don’t have a Return function to return the results of the code.

Add this to the end of you code.
return getToken(p1, p2,);

Just note, that this is not a secure method of calling an API. Users can snoop the code and see the username and password, so it depends on how and where you are storing those credentials…which are stored in unencrypted clear text. The CallAPI method would be more secure because it is ran on Glide servers instead of each user’s device.

3 Likes

Thank you so much for the support and for the patience… I guess ChatGPT did not make a complete response. I will try adding the ‘return…’ code.

I guess I can keep it secure by putting the p1 and p2 values in a table with Row Owners enabled.


function getToken(username, password) {
return fetch(‘https://exist.io/api/2/auth/simple-token/’, {
method: ‘POST’,
headers: {
‘Content-Type’: ‘application/x-www-form-urlencoded’
},
body: ‘username=’ + username + ‘&password=’ + password
})
.then(response => response.json())
.then(data => {
return data.token; // This will be the output of your Experimental Code Column
})
.catch((error) => {
console.error(‘Error:’, error);
return undefined; // Return undefined in case of an error
});
}

// Assuming p1 and p2 are passed from Glide
return getToken(p1, p2);

Yay… it worked first time! THANK YOU

Yeah, that will help secure it a bit. As long as the user knows their own username and password, but just be mindful that another user could hop on that same computer and possibly snoop the data to find the credentials. Remember, this stuff is flying around in clear text on your user’s device. Good enough for most cases, but may or may not pass a security audit. It’s always going to be beneficial for some code to run on a server only as opposed to an end user’s device.

I just tend to err on the side of caution when it comes to security. Where I work, we do regular Pen tests, SOC audits, and cyber security training to keep our systems secure and compliant. The stuff hackers can do and that most of us do not understand is a little creepy.

2 Likes

Hmmm. Just hit a wall with creating a column to run the API. It seems the integration ‘Call API’ is for Business plans only. I have a Pro plan. Is there a workaround? The pricing hints at a ‘Glide Basic API’ to get data, but I don’t know how to access this functionality… can you provide a pointer please?

The ‘Glide Basic API’ is the API to access your Glide data from an external service. It’s not the same as calling an external API from Glide. It’s for reaching into your glide data. Not for reaching out of your app to an external service.

Glide views the CallAPI feature as a Business+ feature. No way around that. I don’t see a better option for you if you are going to remain on the Pro plan.

I’m not saying there is anything fundamentally wrong with your current method using javascript. If it works, it works. If you are confident that the credentials are secure, then so be it. I would probably do the same thing if I was in your situation, but only if Row Owners were a factor and/or the app was a Private app so I have control over the users that have access to the rows that contain those credentials. However, I’d be more leery about storing someone else’s credentials because I’m not hashing and salting the credentials for security purposes. I also think about my case where I have data stored in a google sheet…that data is stored in clear text.

I’m just not in good conscious going to say that it’s the best method. Again, I’m overly cautious with things like this. I view the CallAPI feature as more secure because it runs server side and most of the credentials are handled and stored server side, thus more secure in general, and since Glide is handling the processing, then that’s why it costs additional updates. Business users are the ones that are more likely to require that kind of security and backend processing.

1 Like

Ok - forgive me for trying to keep up. Am I to understand the Java column I just used to get a token can be used as a manually scripted API column?

Pretty much. Biggest difference is obviously security considerations, and it’s going to run much more frequently than a CallAPI column would. CallAPI will cache results on the server whereas your javascript method is going to run on each and every device, every single time the app is ran. It will cache results to some degree on the local device, but overall the API will be getting hit much more often than it would with a CallAPI column. So the other consideration would be any rate limiting enforced by the third party API.

1 Like

Great thank you. That makes perfect sense.

I asked GPT to check the Exist documentation and propose a script to get a basic metric like total steps so far today:

I will give this a go.

1 Like

Update… I encountered some issues then made a breakthrough that worked!

So I have successfully imported data into a Glide app from a wearable device :slight_smile:

Onwards!

4 Likes

In case anyone wants the code to fetch data:

Here’s a revised JavaScript script for a GET request, tailored for use in Glide’s Experimental Code Column:

function getTotalSteps(token) {
const url = ‘https://exist.io/api/2/attributes/with-values/’;
const options = {
method: ‘GET’,
headers: {
‘Authorization’: Token ${token}
}
};

return fetch(url, options)
.then(response => response.json())
.then(data => {
    const today = new Date().toISOString().split('T')[0];
    const stepsAttribute = data.results.find(attr => attr.name === 'steps');
    const todayValue = stepsAttribute ? stepsAttribute.values.find(val => val.date === today) : null;
    return todayValue ? todayValue.value : 'No Data';
})
.catch(error => {
    console.error('Error:', error);
    return 'Error';
});

}

// Assuming token is in ‘p1’
return getTotalSteps(p1.value);

How This Script Works:

  1. URL and Headers: The script sets the URL for the Exist API and includes the necessary Authorization header with your token.
  2. GET Request: It performs a GET request to the Exist API.
  3. Processing the Response:
  • The script checks the current date.
  • It looks for the ‘steps’ attribute in the response data.
  • It then finds the value for today’s date.
  1. Returning the Result: The function returns the step count for today, or ‘No Data’ if no steps data is found for today.
  2. Error Handling: If there’s an error during the fetch process, the script catches it and returns ‘Error’.

Make sure to replace p1.value with the appropriate column name in your Glide table that contains the Exist API token. This script should work within the Glide Experimental Code Column to fetch and display today’s step count from the Exist API.

Here is an ugly screen that is using the result to update a glide chart:

2 Likes

I think you mean JavaScript column, yes?
The Experimental Code column is for calling code that you are self-hosting external to Glide. eg. on Github. It’s not the same as the JavaScript column in that you cannot directly add code snippets, just a URL to your external code.

You should be aware that because the JavaScript code is executed client-side, your API token is potentially discoverable by users. That may or may not be a concern - I don’t know. A more secure way to do this would be with the Call API feature, but of course that requires a Business or higher plan.

Well technically it’s the JavaScript column that sits under the Experimental Code group of columns… but I take your point. I’m not signed up for a business plan.

Knowing the Token without the userID and Password doesn’t get you very far. It’s just anonymous data, no?

That said, I’m acutely aware of the data privacy sensitivities. I will go belts and braces with row owner columns and any user will have to agree with how the data will be used, stored, deleted, etc… I also want to state, this is not a commercial app that will be available to the public , e.g. as a revenue stream. For now it’s a hobby app for personal use - I can’t justify the leap to a business plan.

Yep, it’s probably not a big issue in this particular case, but it is important to be aware of the risks.
To be honest, my comments were more for the benefit of others that might read this thread in the future.

3 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.