Umbraco.Forms.Issues icon indicating copy to clipboard operation
Umbraco.Forms.Issues copied to clipboard
verified publisher icon umbraco

Forms API fetch record entry

Open bjarnef opened this issue 1 year ago • 5 comments

In a headless setup we can submit form and fetch form: https://docs.umbraco.com/umbraco-forms/developer/ajaxforms

However I don't see any option to fetch a specific record from Guid.

image

We would like to fetch data for a record to show a summary of the submission.

bjarnef avatar May 31 '24 07:05 bjarnef

There would be a security concern with this... if you could retrieve the record by GUID, as well as showing the summary of the submissions just created, you could retrieve data about any record, across any form. Of course you would need to know the GUID identifiers which isn't likely, but it's not really protected in any form of authorization.

So it's a possibility, but would need to be opt-in I think if you were prepared to take on the risk.

Similar in a way to the allow editable form submissions option.

AndyButland avatar Jun 16 '24 07:06 AndyButland

@AndyButland isn't is the same, which happen in a traditional MVC project, where it can include form guid and record guid in querystring and one could use record service to list these data on "Thank you" page?

bjarnef avatar Jun 16 '24 16:06 bjarnef

That would have a similar issue yes, but would perhaps be considered not the best practice - and avoided by storing the GUID in the session rather than adding it to a querystring.

AndyButland avatar Jun 17 '24 04:06 AndyButland

I guess the new Management API handle this, which is used in the new backoffice (Umbraco 14), where it has a endpoint to fetch record data? Does it secure it in any way different from other endpoints and Delivery API (if not public)?

bjarnef avatar Jun 17 '24 09:06 bjarnef

For management API you need to have a token you receive from being logged in via the backoffice.

AndyButland avatar Jun 17 '24 09:06 AndyButland