It may seem that there are only two ways to authenticate via API; JWTs that a user creates via an auth provider and API Tokens that you create, which are super secret. If that’s what you thought, well…you’re right! However, check out this trick.
.png%3Fwidth%3D1120%26upscale%3Dtrue%26name%3DUse%2520API%2520Tokens%2520as%2520part%2520of%2520your%2520Data%2520Model%2520(screenshot1).png)
You can use API Tokens as part of your Data Model. There’s a ton of use cases for this! One big one is authorizing things like IoT Devices.
In the screenshot above, the table called ConnectedDevices has a one-to-one relationship with the API Tokens system table. There’s a dozen ways to create a new record with an associated token (e.g. manually, GraphQL API, before.trigger, and more). However, once set up, Permissions that reference the __requestingApiToken variable can be used!
.png%3Fwidth%3D1120%26upscale%3Dtrue%26name%3DUse%2520API%2520Tokens%2520as%2520part%2520of%2520your%2520Data%2520Model%2520(screenshot2).png)
If you have any questions about this, definitely ask them in the below!