January 22, 2019

Using API Credentials in Shortcuts

Shortcuts on iOS can do incredibly powerful things, and with a little bit of extra magic you can connect to most APIs as well. Pulling data from APIs, manipulating it, and extending your shortcuts is really powerful. However, you need to have a good way to manage the authentication tokens and secrets for those APIs.

Most Shortcuts I have seen use a Text variable and put the token in that variable. It’s then used throughout the Shortcut. This works, but it exposes problems if you share that Shortcut. It also has issues if you use the same API in multiple Shortcuts. You are now copying that token in numerous places.

Another approach that I prefer is to create Shortcuts that do nothing but return those tokens. You can then call those Shortcuts from another Shortcut to get the token. I prefix these Shortcuts with the prefix Secret”.

Then when I need to use an token for an API I call the Shortcut and then reference the magic variable returned from it. You can even hide the execution of that second Shortcut.

In addition to reuse, you also get other benefits from this approach. Your Secret Shortcut can have some logic. For example, I access Working Copy from Shortcuts and it does so with a local URL call, protected with a random key. That key is specific to each iOS device. So, rather than try to synchronize the keys I have the Secret shortcut return whatever key is right for the device that is running.

I do a similar thing with MailChimp’s API token that requires some encoding be applied to it.

I find this a better way to manage these secret tokens, get reuse, and make it easier to change them. 👍

Previous post
Moving Day Today the movers will be showing up to move all the big things to our new house! It’s been nearly 9 years since we last moved. It is the first time
Next post
Hack the Gap 2019 Hack the Gap hosted their 5th annual Hackathon for women and non-binary individuals this weekend. I was able to attend the demo event today where