Possibility to store 3rd party OAuth token securely

Hi all,
I am about to create an integration that interacts with a Slack-like server. The server provides OAuth2 access. I had a look at the slack-app example, and there the token from the server is stored in a local SQLite database along with the userId. I would like to do something similar so that the user does not have to authorize at the server each time he uses the integration.
I saw in another topic, that the storage API should not be used for such data. So is there another way to do it?
I just found the following

and my question there is, what is that mySqlAccess? It seems I am searching for something similar.
Thanks a lot and cheers, Marcus

Hi Marcus,

I understand you want to store a token for the user of the Slack-like server? For monday you don’t need to store tokens anymore as monday will send an encrypted - 60 seconds valid - token in the payload of every call they make to your endpoints (except webhooks). The mySqlAccess above is a class in Node.js that holds the function readToken. The function readToken does a simple query to a local (in this case MariaDB) database.

Hi Bas,
thanks for the fast answer. I meant the token from the Slack-like server. And you answered part of my question: you store the token just in a local DB (as the slack-app example does).
I understand that a monday integration will be installed on the monday server, right? So would it be secure enough to have a local DB there that stores tokens? I mean, who could access this DB except the app itself? If nobody else can read it, I think it is OK.

Hi Marcus,

If this app contains an integration (you select that during the initial build of the app), the backend of the app runs on your own server (not within monday). monday posts requests to your app’s endpoints. How you secure your local DB is up to you. In my setup the DB can only be accessed from the same server the app is running on. If your app is a (dash)board view, the code does indeed run on monday servers.

Thanks Bas, got it.
Now I have to think about developing an integration in general, as I am not sure if I want to provide my own server for it. Let’s see.

Hey @nyxophyl,

I’m glad @basdebruin was able to shed more light on this! He’s very awesome at that 🙂

I can confirm on my end that you’d need to store the tokens from the other app you are integrating with on your end in your database, and that the integration will indeed run on your server at this point.

I hope you’ll find a solution that makes sense for you to implement, and for users to work with!

-Alex
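
The replies above settle on keeping the third-party token in your own database, keyed by user. The following is an added example, not code from the thread or from the slack-app example, showing one way to encrypt each token before it is written so that a copy of the database alone does not expose usable tokens. `TokenStore`, `saveToken`, `sealToken`, `openToken` and the `TOKEN_ENC_KEY` variable are hypothetical names, and a `Map` stands in for the database table.

```javascript
// Added example: encrypt third-party OAuth tokens before they reach the database.
const crypto = require('node:crypto');

// Assumption: the 32-byte key comes from the environment or a secret manager,
// never from the database that holds the ciphertext.
function loadKey(hex = process.env.TOKEN_ENC_KEY) {
  const key = Buffer.from(hex || '', 'hex');
  if (key.length !== 32) throw new Error('TOKEN_ENC_KEY must be 64 hex characters');
  return key;
}

// AES-256-GCM with a fresh 12-byte nonce per record. The userId is bound as
// associated data, so a row copied to another user fails authentication.
function sealToken(key, userId, token) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(userId), 'utf8'));
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function openToken(key, userId, sealed) {
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length < 28) throw new Error('sealed token too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12), { authTagLength: 16 });
  decipher.setAAD(Buffer.from(String(userId), 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key, the userId or the stored bytes do not match.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Hypothetical stand-in for the tokens table (userId -> sealed blob); a real
// integration would run INSERT/SELECT against SQLite or MariaDB here.
class TokenStore {
  constructor(key) { this.key = key; this.rows = new Map(); }
  saveToken(userId, token) { this.rows.set(userId, sealToken(this.key, userId, token)); }
  readToken(userId) {
    const sealed = this.rows.get(userId);
    return sealed === undefined ? null : openToken(this.key, userId, sealed);
  }
}

// Constructed sample values, not real credentials.
function demo() {
  const store = new TokenStore(loadKey('00'.repeat(32)));
  store.saveToken('user-42', 'constructed-access-token');
  return store.readToken('user-42');
}
```

This complements, and does not replace, restricting database access to the app's own server as described earlier in the thread.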