I am in the process of migrating my project from the Baserow Application Builder to a custom frontend (Cloudflare Pages) because I need more control over page load performance.
I need to gate certain forms behind a login system, mimicking the “Visibility: logged-in users” functionality I used in the App Builder. I have my API tokens stored securely in my Cloudflare Pages backend, so they are never exposed to the world.
My Setup:
-
Backend: Cloudflare Pages (using Baserow API tokens).
-
Database: A dedicated table for members.
-
Field: A standard Baserow “Password” field type with “Allow API endpoint authentication” enabled.
The Problem: I cannot get the password verification to work via the API. I’ve tried using the /check-password/ endpoint and standard row lookups, but I consistently hit 401 Unauthorized or 500 errors. I have tried both manually inputting passwords in the Baserow dashboard and submitting them via my form, but the API rejects the credentials every time.
It was suggested that I simply use a “Single Line Text” field for passwords since my stuff is server-side, but I am hesitant to move away from the security of the native Password field type if possible.
My Questions:
-
Is there a specific requirement for the payload format when using the
check-passwordendpoint with an API token? -
Does the “Allow API endpoint authentication” toggle actually support standard API tokens, or is it strictly tied to User Source/Application Builder sessions?
-
Are there any known quirks when trying to validate a native Password field via a custom backend instead of the built-in App Builder auth?
I read the API docs, and it mentions a JWT token, but I still can’t get anything to work. On that note, they expire quickly, so will my user have to keep logging in over and over? The forms they have to fill out are long…
