Update Library Values to clarify usage #422
Conversation
|
|
docs/resources/projects/libraries.md
Outdated
| **Library values** are essentially variables created and used by a library author and intended to have their values set by the library user. These values allow library author to create configurable variables that are useful in different contexts, such as public API keys, global settings, or other project-specific configurations. These values allow library users to input specific data required for the library to function properly in their project. | ||
|
|
||
| For example, If someone has built a library that uses OpenAI API, they would define a Library Value for the OpenAI API key. As the user of the library, when you import, you must provide your own API key to ensure the library functions properly. | ||
| For example, if someone builds a library with a paginated list or a tabbed interface, they can define Library Values for display settings like `Items per page: 10` or `Initial tab index: 0`. This allows the library user to easily customize the UI behavior to fit their project’s needs without modifying the library’s internal logic. |
There was a problem hiding this comment.
Can we do a better example maybe? for example if user is building a payment gateway library then the amount & currency (and user id etc) can be passed down to the library from the main project so the payment gateway can initiate a payment for that amount.
docs/resources/projects/libraries.md
Outdated
| :::danger | ||
| **Library Values should not be used to store private or sensitive data**, such as secret API keys or credentials. These values are not currently designed to securely store or handle sensitive information. | ||
|
|
||
| The use of *public API key* is generally acceptable, because the keys often have limited permissions, rate limits, or are intended for public use. For instance, if someone creates a library that connects to a public weather API, they might define a Library Value for the API key. Users of that library can then input their own API key to make it work. |
There was a problem hiding this comment.
there are various names for it and we should mention them for SEO such as client-side API keys or Supabase like tools calls it publishable keys etc.
There was a problem hiding this comment.
also link to our docs for "restrict api keys" where I mention about how to restrict google cloud api keys when using on the client side. maybe you can give an example that even if you use maps key in a library, you must restrict the key permissions and link to docs
Co-authored-by: Pooja Bhaumik <[email protected]>
|
Hi @PoojaB26 could you please take a look again? |
2 participants
Description
Update Library Values to clarify usage
Linear ticket and magic word Fixes DEVR-998
Type of change