So if users would extract the API keys from the web app, until now they would have access to all our AirTable data. There is no indication that anyone ever did so. But of course I plugged this security hole by disabling the AirTable API key.
We don’t seem to have active campaigns or forms currently that rely on AirTable, so there is no immediate damage. However, the question is how to proceed from here.
Secure AirTable API key access via a proxy server. This would require us to run a small server application on our host, and some development effort. Relevant base repositories for this are daniloc/airtable-api-proxy and, derived from that and extended a lot, avanavana/airtable-api-proxy.
I discussed this with @owen and we decided to give Baserow a try. So I will install it on our server, and the next time Owen needs a web database, he’ll use that one. It’s an open source solution, so much more in line with our style than AirTable (which easily becomes annoying with its “upgrade account” messaging).
The only downside of this is that right now there is no straightforward way to collect Typeform responses in Baserow. @nadia wanted us to use that kind of connection for data collection for the remote work audits Edgeryders started to do. But in October 2021, Baserow folks intend to add Zapier integration, and with that it will be possible to make this connection.
This topic is for the progress reports and issues around our migration from AirTable to Baserow.