Storing API key and token in DB and injecting them into N1ED

There is a need to let user change the API key visually (or set it if was not set before). N1ED can be installed on many websites and it should have a unique API key for each to store individual configurations (including custom templates and blocks). To reach this you must make injecting the API key to N1ED dynamically.

Create two fields in the database: for API key and for token (both string/varchar). Set default values as NULL for token and "XXXXDFLT" for API key (where "XXXX" is the first constant part of your API keys, check it in the Dashboard). This key will be used by default for those who just started working in your CMS and did not set their own key (configuration will be available in read-only mode until the key is changed to another with approving access to it).

Token will give access to change the configuration of N1ED to all your colleagues who work with N1ED (for example add or change custom blocks or configure UI). In the basic installation token was saved in cookies of browser and gave access only to the browser which gained the token once, so any user who wishes to change configuration required to have a master password to get an individual token. The integration you do now will fix this: administrator will enter the password just once without exposing it to anybody and save the received token in DB. This token will be available to everyone who has used N1ED.

So next you are to make reading these data from DB and send them as N1ED configuration on load. Find the code which initializes the editor and substitute the values there:

  • apiKey - API key from DB
  • token - token from DB

Example for TinyMCE and PHP:

<?php
    $apiKey = getN1EDApiKeyFromDB(); // write your own function
    $token = getN1EDTokenFromDB(); // write your own function
?>
tinymce.init({
    selector: "#editor",
    apiKey: "<?php echo $apiKey ?>",
    token: "<?php echo $token ?>",
});

This is just reading the key with token and injecting them as is, but in the next step we will add the ability to update it too.

Check it

Be sure N1ED loads with your default API key and the configuration is available in read-only mode (asks for a password when you try to edit it).