elderlyman
Member-
Content Count
10 -
Joined
-
Last visited
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
-
Displaying dynamic content from an API call
elderlyman replied to alex_d's question in Coding and Customization
Though is possible to serve up your variable listings using an API call to an external resource (other than the approved set), there are some limitations that may be non-starters in achieving your goal. One issue: there does not seem to be any way to store an API key / auth info on Squarespace securely, and presumably this is why there is no documentation about how how to call non-approved resources from Squarespace. It seems to me that unless the resource you're calling can risk API key exposure, for example calling a free API with no real risk of a call limit overrun, Squarespace -
Calling external API from Squarespace
elderlyman replied to CarbonClick's question in Coding and Customization
Yes, it is definitely possible. However you may find that the limitations on what you can securely call from Squarespace present some major challenges. For example, if the API you are using to call some external data requires that you to keep the API key secure, that may not be possible. For more on this subject, see the answer provided in this question about hiding API keys. Basically, Squarespace is all front-end, so for non-approved API's, there is no access to the back end where you could securely stash an API key. If you want to call an API and the security of a key is not -
paul2009 reacted to an answer to a question: Hide an API key in file on a disabled page
-
Hide an API key in file on a disabled page
elderlyman replied to elderlyman's question in Coding and Customization
@paul2009 thanks for the thorough answer. I've been trying to balance a few goals: use a very simple code block (don't turn on dev mode), keep the API key secure as a best practice/to avoid quota theft, and avoid unnecessary complexities that might break. I can now see how, within the options of the code block or with file uploads, I'm still playing only in the front end. Even though I can't do exactly what I wanted, it's nice to have come to some conclusions about what my options are. Thanks!- 5 replies
-
- api
- javascript
-
(and 1 more)
Tagged with:
-
Hide an API key in file on a disabled page
elderlyman replied to elderlyman's question in Coding and Customization
@bangank36 Thanks. Since you say it is the simplest option, I'll start experimenting with a Google Apps script on a published url. Are you sure that an API key listed in a script on a public URL would be safe?- 5 replies
-
- api
- javascript
-
(and 1 more)
Tagged with:
-
Thanks @RyanDejaegher. I should have read the docs further to see that display is always checked for JS. Though I still don't understand why the Squarespace feature would be designed this way. Why would there be no option to actually run JavaScript in a code block, only display it? Yet the HTML can actually run be run or be displayed in a code block?
-
Site URL: http://bostonbiketaxi.com When I attempt to write some code in a code block using JavaScript, the Display Source option grays out and prohibits me from checking/unchecking. So I am effectively prohibited from using JavaScript in a code block. The option to check/uncheck the Display Source box works as expected when HTML is selected, but not for JavaScript. What could be happening here?
-
Trying to embed code for convertkit form into code block
elderlyman replied to nicolescheitlin's question in Coding and Customization
I'm having an issue with this because I cannot uncheck the Display Source box for Javascript, only HTML. So I am effectively prohibited from using pure JavaScript using code blocks -
I would like to make a fetch request from my squarespace site to a weather data provider. The code works fine when I write it into a code block directly on the page. My issue is that the code contains an API key that I want to keep secure, yet accessible. My strategy to keep this "simple" was to use the method described in this article to upload my file that runs the script which uses the API key, and then reference that file using <script src="/s/javascriptfile.js"></script> The biggest question is whether storing an API key in an uploaded file linked on a disabled
- 5 replies
-
- api
- javascript
-
(and 1 more)
Tagged with:
-
Where do I upload JavaScript files?
elderlyman replied to Mario Campos's question in Coding and Customization
I am hoping that the @Mario Campos answer from November 30, 2012 is still valid. If it is valid, I would love to hear some input from @SQUARESPACE about whether users should still expect to wait 24 hours for uploaded files to be accessible/run when referenced on other pages, as observed by @CedricLor. My goal is to upload files to an unlinked and disabled page so that I can reference API keys securely rather than write those keys directly into a code block. Would disabling a page interfere with file references? Toggling it enabled/disabled does not seem to make a difference. -
Display a list of local events from seatgeek API
elderlyman posted a question in Coding and Customization
Site URL: https://bostonbiketaxi.com/ Hi there, Would it possible to connect to the SeatGeek API to display local event data on my site? The SquareSpace API docs all seem directed towards commerce-related goals. I have some mobile app dev experience, so I am familiar with how to connect to the SeatGeek API in that context. I just don't know if code within a squarespace site would allow me to do this. Thanks very much for any help!