Getting Table Records from the API in JavaScript

Hey All,

Wanted to share something that I struggled with some. I wanted to make a different table viewer, but this meant I needed to be able to hit the tables api to get all of its records. Here is a function that does just that. Two things you need to change:

1. Create a bot in your instance, and copy its basic auth code to the authorizationBasic variable.
2. Update the URL you want to pull data from inside the request object.

async function callAPI() {
  console.log("in fetch machine data")
  const authorizationBasic =
    "Basic YXB...NmlXag==";

  let myHeaders = new Headers();
  myHeaders.append("Accept", "application/json");
  myHeaders.append("Authorization", authorizationBasic);
  myHeaders.append(
    "Content-Type",
    "application/x-www-form-urlencoded; charset=UTF-8"
  );

  const myInit = {
    method: "GET",
    headers: myHeaders,
    mode: "cors",
    cache: "default"
  };

  let myRequest = new Request(
    `https://petehartnett.tulip.co/api/v3/tables/RZdpY9NwDMPskoEE5/records?limit=100`
  );

  const response = await fetch(myRequest, myInit);
  const machineData = await response.json();
  console.log(response.status);
  //console.log(machineData);
  return machineData;
}

Some resources if you have never worked with the api:

• Using the tables api
• A good demo on async functons and APIs

Let me know if you run into any issues as we can work through them as a team-
Pete

Pete,

I just wrote a feature request that’s related to this. This approach you outlined here is an okay workaround, but there’s a few things that bother me.

1. The Tulip front-end already has access to the Table API and credentials. To get those credentials, the user might even have had to have used 2FA.
2. I don’t know if the credentials the UI uses are temporary or not (I hope so) but if they’re tied to the user’s login, then they are also tied to the client’s security policy e.g. maybe SAML2/LDAP, maybe requiring 2FA
3. You can’t really rotate bot credentials without having to go touch every widget, or, alternatively, make the credentials an input to the widget. Neither of those things are great.
4. Once you give the widget bot credentials, those credentials have access to every table, which just increases the vulnerability footprint

what I am suggesting instead is that we make the ability for custom widgets be a first-class citizen. Hand the widget a table reference, give it get() create() update() delete() methods associated with the specific tables passed into the reference, and have those methods automatically inject the same credentials the UI user is already using.

Along the same lines, step 2 would be pass in a reference to the App with a few methods like .complete() and .goToNamedStep(“something”).

Probably should discuss this in my feature request thread rather than here.