Lookups
Lookup Keys allow the DreamFactory administrator to store any number of "key value" pairs that can be attached to an app, a user, a role, or to the global system configuration of the instance itself. The key names can be used in a variety of DreamFactory interfaces by any API client, and the key values are automatically substituted on the server. Any Lookup Key can be marked as private, which causes the key's value to be securely stored on the server-side and not retrievable by the client, even with admin credentials.
- Provisioning
Lookup keys and values can be provisioned via the Admin console on the App, Role, and User tabs, as well as the Config tab in the Lookups menu option. There's a hierarchy to lookup keys, starting from global system keys, then to app keys, then role keys, and finally, user keys. The system will use the most specific one provisioned for the value in play. This allows you to create a system of default settings and, if needed, overrides for special cases. Consider the case of using lookup keys for configuring credentials on a database service. Some basic read-only credentials may be set as global system keys. Another set of credentials with read and write access may be provisioned on a particular role. And more admin-like credentials can be provisioned for a single user of that role. As long as the keys are named the same, the hierarchy allows for overriding of how the database is accessed without creating a different service for each scenario.
- System Keys
DreamFactory provides some "automatic" system-created Lookup Keys that are always available. These keys include information from the current user session, user information, role information, and the current instance name and versioning are also provided. These automatic Lookup Keys simplify many use case scenarios. For example, connecting a user by email address in an external database is easy. There is no need to create an email Lookup Key for each user.
- **session.token**
- **user.id**
- **user.email**
- **user.display_name**
- **user.first_name**
- **user.last_name**
- **role.id**
- **role.name**
- **app.id**
- **app.name**
- **app.api_key**
- **df.name**
- **df.api_version**
- **df.version**
- **df.host_url**
- **df.confirm_invite_url**
- **df.confirm_register_url**
- **df.confirm_reset_url**
- Uses
Lookup keys can be used in several interfaces of the DreamFactory instance. Typically, lookup keys are designated by wrapping the key name in curly braces, i.e. {some_name}. Lookup keys can be used in the following interfaces...
- in service credentials and configuration fields - **Private keys only!** For example, the username and password fields required to hook up a SQL database.
- in [Email Templates](Email-Services) in the subject line and message body - For example, using the user's name or instance name or URL.
- in [Remote Web Services](Remote-Web-Services) as parameters or headers - **Private keys only!**
- in [Server-Side Filters](Server-Side-Filters) in the Role Service Access provisioning.
- in posted data records or parameters in filters in SQL and NoSQL Database services.
Here's how you would use the lookup keys for username and password on a database service. The system will replace {db_username} and {db_password} with the most specific lookup keys defined for the user making the API call.
One simple yet important use of Lookup Keys is to hide the master credentials required for integration with an external system. For example, if you are using Amazon S3 then you will have an Access Key and Secret Key provided by AWS. Both of these values could be saved as private DSP Lookup Keys. Then you can use the key names in place of the actual credentials in the Admin Console. Later, if you wanted to connect to another Amazon service like Dynamo DB, you could just reuse the same key names. In this manner, your secret keys are encrypted and only used on the server-side for authentication with an external system. Private keys must be used for credentials and passwords and cannot be used elsewhere.
