is a great project management tool for companies. You can set it up to track projects, tasks, team members, and deliverables, but Airtable doesn’t have a great way to share these projects with your clients securely. Airtable There are some workarounds for this problem. You can create a shareable link to a view in Airtable, but anyone who gets a hold of that link will have access to your client’s sensitive data. Alternatively, you can give clients direct access to your Airtable base. But because Airtable lacks granular access control, they’d be able to see all your other clients’ projects, too. Finally, you could use a no-code interface builder, but then you’re limited by the features their editors support. WYSIWYG In this tutorial, you’ll see how to build a scalable, secure, and flexible client portal on Airtable using , , and . Sync Inc Cotter Next.js You’ll set up a custom application that allows your clients to log in securely and access only the data you want them to access. Finally, you’ll see how to make this application interactive so that your clients can sign off on projects directly from the portal. Each step will be outlined in this tutorial, but if you’d like to get a working copy of the final code, you can . find it on GitHub Setting Up the Airtable Base This demo project will start with the . Copy this template to your Airtable account and open up the base. Airtable Project Tracker template This base includes three tables: , , and . Tasks are for internal use only, so in this tutorial, you’ll focus on the projects and clients. Design projects Tasks Clients You’ll use Cotter to authenticate users by their email address, but this template doesn’t come with a client email field. So, you need to add a new column to the table called . Clients Email Add some dummy data to each of the fields, but . This will be your test client account so you can verify that the web app works. use your own email address for one of them Connecting Sync Inc to Airtable While you could build a client portal that queries the Airtable API directly, this has some major drawbacks, including the following: Airtable’s API limits you to just five requests per second, so it won’t scale well. Querying related records using the Airtable API is cumbersome and often involves multiple API calls. This can significantly reduce your app’s performance, especially when coupled with the API limit mentioned above. Postgres allows you to write much more powerful queries than Airtable’s API. If you haven’t already, sign up for a . Sync Inc account Once you’re logged in, click the button in the top right corner. Add your Airtable API key, select the base you want to replicate (it’s called by default), select , and make the destination for the replica . Add Base Project tracker Sync all tables in this base New Sync Inc database When you’re done, hit , and within a few seconds, you’ll have a Postgres replica of your Airtable data. Create Be sure to save the Postgres connection string shown, as you’ll need it for your web application. Creating a New Next.js Application is a React-based web development framework designed to run seamlessly on . While you could set up a new React application with a backend, Next.js makes the setup and configuration process simpler, so it’s a great starting point for building simple frontend applications like this one. Next.js Vercel much Assuming you’ve got a recent version of Node.js installed (version 10+ is recommended), use `npx` to create a new application from your terminal: npx create-next-app Enter a name when prompted (I used ), and the required base packages will be installed. project-tracker This project includes one API endpoint and one frontend route, which you’ll modify later in this tutorial. For now, navigate into the new project folder: project-tracker cd And open the project in your text editor or IDE of choice. Build a Custom Client Portal on Airtable Using Cotter Logins Setting Up Cotter for Authentication To allow clients secure access to your portal, you need a way to authenticate them via their email addresses. While you could build this feature yourself, you can also use a third-party authentication provider such as Cotter to set this up with almost no custom code. Setting up Cotter is pretty straightforward, but there’s a if you get lost. detailed tutorial for setting up Cotter on Next.js on their blog First, sign up for Cotter and get your API key ID and secret. Next, from your terminal, you need to install Cotter and a few other dependencies required for this demo application. npm i --save cotter cotter-node cotter-token-js Next, create a file in the root directory of your project. This will allow you to securely store your environment variables without checking them into version control. .env.local # .env.local file NEXT_PUBLIC_COTTER_API_KEY_ID="..." COTTER_API_KEY_SECRET="..." PG_CONNECTION_STRING="..." AIRTABLE_API_KEY="..." AIRTABLE_BASE="..." Replace each with the corresponding environment variable from each of the services used in this tutorial. ... Note that the Cotter API key ID must be prefixed with . NEXT_PUBLIC_ This signals to Next.js that the variable should be made , while the other environment variables will be kept securely on the server only. available in the browser Finally, update the file to use Cotter and display a login form. pages/index.js Head styles Cotter ; { useEffect, useState } ; cotterApiKeyId = process.env.NEXT_PUBLIC_COTTER_API_KEY_ID; { [isLoggedIn, setIsLoggedIn] = useState( ); useEffect( { cotter = Cotter(cotterApiKeyId); cotter .signInWithOTP() .showEmailForm() .then( { localStorage.setItem( , payload.oauth_token.access_token); setIsLoggedIn( ); }) .catch( .log(err)); }, []); useEffect( { (localStorage.getItem( ) != ) { setIsLoggedIn( ); } }, []); logOut = { localStorage.removeItem( ); setIsLoggedIn( ); }; ( <Head> <title>Client Portal</title> <link rel="icon" href="/favicon.ico"/> </Head> <main className={styles.main}> <h1 className={styles.title}>Welcome to Your Client Portal</h1> {isLoggedIn ? ( <div> <p style={{textAlign: "center", cursor: "pointer"}} onClick={logOut}>Log Out</p> </div> ): (<p>Log in to view your projects.</p>)} <div id="cotter-form-container" style={{ width: 300, height: 200 }} /> </main> </div> ) } import from 'next/head' import from '../styles/Home.module.css' import from "cotter" import from "react" const export default ( ) function Home const false // Shows the Cotter Login form and sets Access Token when authenticated => () const new => payload "ACCESS_TOKEN" true => err console // Sets local isLoggedIn variable => () if "ACCESS_TOKEN" null true // Deletes Access Token and logs user out const => () "ACCESS_TOKEN" false // Display the client portal page return < = > div className {styles.container} One note on the above code: I’ve opted to use localStorage instead of cookies for simplicity, but there’s . Cookies have some security benefits, especially in JavaScript-heavy applications like this. a good case for using cookies in a production environment If you’d like to test the login functionality at this point, you can run your Next.js application from your terminal. npm run dev Go to , where you should see a login form like this: localhost:3000 After logging in, you’ll see the Cotter success message. You’re now ready to integrate the frontend with Sync Inc to retrieve data for each client. Querying Data Stored by Sync Inc Now that your clients can be authenticated with Cotter, you can use the email address of each authenticated user to make a PostgreSQL query that retrieves only the projects belonging to that client. In order to accomplish this, you’ll need to create an that calls your Sync Inc database. API endpoint in your Next.js application First, install the package using NPM. node-postgres npm i --save pg Since you don’t want to expose your Postgres connection string in the browser, you need to connect to Postgres from a server-side application. NextJS API routes allow you to add backend code in the same repository as your frontend application by adding serverless functions to your folder. ./pages/api Create a new file at and connect to your Postgres database there: pages/api/projects/index.js {CotterAccessToken} ; {Pool} = ( ); connectionString = process.env.PG_CONNECTION_STRING; pool = Pool({ connectionString, }); import from "cotter-token-js" const require 'pg' const const new Next, you need to export a function that NextJS will call when the route is called. /api/projects ... export (req, res) => { } default async // Authorization and database connection code will go here To get the current user’s authorization token, you can use the (imported above). Add the following to your exported function: Cotter Token JS library ... (!( req.headers)) { res.statusCode = ; res.end( ); } auth = req.headers.authorization; bearer = auth.split( ); token = bearer[ ]; // Check that the authorization header exists if "authorization" in 401 "Authorization header missing" // Extract the token string const await const " " const 1 Decode this , to get the user’s email. If the user doesn’t have an email or the token is invalid, this code will throw an error, so wrap it in a try/catch block. JWT ... try { decoded = CotterAccessToken(token); } (e) { .log(e); res.statusCode = ; res.end( ); } // Decode the Cotter JWT. Note that "decoded.payload.identifier" is the user's email const new // Get design_projects by clients.email here catch // Handle any errors console 500 "Server error. Something went wrong." Finally, you can use the following code to get all this client’s projects. Because Airtable (and therefore, Sync Inc) stores the relationship between clients and projects as an array of IDs, you can use to join clients and projects. Postgres’ ANY clause query = ; {rows} = pool.query(query, [decoded.payload.identifier]); res.statusCode = ; res.json(rows); // Get design_projects by clients.email const `select design_projects.* from design_projects join clients on clients.id = ANY (design_projects.client) where clients.email like $1;` const await // Respond with results 200 This endpoint is now able to query directly from Sync Inc, so you can avoid Airtable’s rate limits. Having your data in Postgres also allows you to create more dynamic and efficient queries to get your data from Airtable. Calling the Project’s Endpoint Now that you’ve got an endpoint set up, you need to call it from your frontend, but only after a user logs in. At the top of the class you created in , add the following: Home pages/index.js … { [clientProjects, setClientProjects] = useState( ); getClientProjects = () => { token = localStorage.getItem( ); resp = fetch( , { : { : }, }); setClientProjects( resp.json()); }; … export default ( ) function Home const null // Gets this client's projects when they're logged in const async const "ACCESS_TOKEN" const await "/api/projects" headers Authorization `Bearer ` ${token} await Now, in the same file, update the Cotter login form effect to call the method after the user is authenticated. getClientProjects … cotter .signInWithOTP() .showEmailForm() .then( { localStorage.setItem( , payload.oauth_token.access_token); setIsLoggedIn( ); getClientProjects(); }) .catch( .log(err)); … => payload "ACCESS_TOKEN" true // Add this line: => err console If you restart your Next.js application and log in again with your browser’s inspector open, you can see that a call is being made to . /api/projects In the next step, you’ll use the results from that API call to populate your client portal. Displaying Projects in the Portal Now that you’re able to authenticate a user and retrieve their projects from Sync Inc’s Postgres replica, you’re ready to display the results in the UI. Next.js already includes some basic styling, but don’t feel limited by it. One of the big advantages of building a custom portal like this is that you have complete control over the user interface and experience. Open your file again and add the following within the code that checks whether a user is logged in: pages/index.js … {isLoggedIn ? ( <div className={styles.grid}> {clientProjects.map(project => <div className={styles.card} key={project.id}> <h3>{project.name}</h3> <img src={project.project_images[0]} style={{maxWidth: "100%"}} /> <p>Led by {project.project_lead.name}</p> <p>Due on {project.due_date.split('T')[0]}</p> </div> )} </div> ) : (<p>You currently have no projects attached to this account.</p>)} <p style={{textAlign: "center", cursor: "pointer"}} onClick={logOut}>Log Out</p> </div> <p>Log in to view your projects.</p> {clientProjects ? ( < > div ): ( )} … Start the app again and log in, making sure to use your email address that you attached to one of the client accounts in Airtable. You should see a list of all this client’s projects like this: You now have a working client portal that will allow your clients to securely access limited data about their projects only. But what if you want to allow clients to interact with the projects in the portal? In the last section of this tutorial, you’ll see how to allow clients to save data to Airtable using . Sync Inc’s write proxy Writing Data with Sync Inc Your clients will probably need to sign off on each project as it’s completed. To let them do this in your new portal, you can add a checkbox on each project that lets clients mark projects as complete. Sync Inc gives you a read-only Postgres replica of your Airtable base. This ensures that you have a single source of truth for your data, but it means that you can’t use typical Postgres to make changes in Airtable. queries UPDATE Fortunately, Sync Inc has a solution to this limitation. By using instead of the standard Airtable API server, your updates will be instantly saved to both Airtable and your Postgres database. their proxy server To use the Sync Inc proxy in JavaScript, install the Airtable NPM package: npm i --save airtable Next, create a new endpoint in your Next.js application that will handle update requests. Make a new file at and add the following: pages/api/projects/[projectId].js {CotterValidateJWT} ; Airtable ; base = Airtable({ : process.env.AIRTABLE_API_KEY, : , }).base(process.env.AIRTABLE_BASE); (req, res) => { { projectId } = req.query; (!( req.headers)) { res.statusCode = ; res.end( ); } auth = req.headers.authorization; bearer = auth.split( ); token = bearer[ ]; { valid = CotterValidateJWT(token); (!valid) { res.statusCode( ); res.end( ); } base( ) .update([{ : projectId, : { : }}]); res.statusCode = ; res.end(); } (e) { .log(e); res.statusCode = ; res.end( ); } } import from "cotter-node" import from "airtable" // Instantiate the Airtable client using the Sync Inc proxy const new apiKey endpointUrl "https://proxy.syncinc.so/api.airtable.com" export default async // Get the project ID from the URL const // Check that the authorization header exists if "authorization" in 401 "Authorization header missing" // Extract the token string const await const " " const 1 try // Check that the JWT is valid const await if 403 "Authentication token invalid" // Update project complete status await 'Design projects' "id" "fields" "Complete" true // Respond with a 204 204 catch // Handle any errors console 500 "Server error. Something went wrong." This endpoint validates the user’s authentication JWT from Cotter to ensure that unauthenticated users cannot access this endpoint and then uses the Airtable API library to update the field to true. Also notice that at the top, we specified the Sync Inc proxy URL as the API’s . This routes requests through Sync Inc to keep your Postgres database up-to-date at the same time as the Airtable base. Complete endpointUrl Next, you need a checkbox in your template and a method to call the new endpoint from the frontend. Add this method to your component before the statement: Home return … markProjectComplete = (e) => { completeProjectId = e.target.value; setClientProjects(clientProjects.map( { (project.id === completeProjectId) { project.complete = ; } project })); token = localStorage.getItem( ); fetch( + completeProjectId, { : { : }, : , }); }; … // Allow clients to mark a project as complete const async const => project if true return const "ACCESS_TOKEN" await "/api/projects/" headers Authorization `Bearer ` ${token} method "PUT" Finally, add this paragraph just below your due date inside the loop that displays all your clients’ projects in the same file: … <p> … Project complete < = = = = = = /> input type "checkbox" name "complete" value {project.id} onChange {markProjectComplete} disabled {project.complete} defaultChecked {!!project.complete} </ > p Start your Next.js application again and log in at . This time you’ll see a checkbox next to each project. Check one of the records, and you’ll see that the checkbox will be disabled. This prevents clients from approving the same project multiple times, but of course, you can modify this behavior to fit your use case. localhost:3000 To make sure the synchronization works, go to your Airtable base to see if the record has been synced yet. If you’re fast, you can see Airtable marking the project complete in the base. Next Steps In this tutorial, you’ve seen how to build a flexible, scalable client portal on top of Airtable. You used to replicate your data to Postgres, Cotter to authenticate users via email, and Next.js to build a frontend with two serverless endpoints. Sync Inc As you adapt this demo to your use case, you might consider adding pages for each project so that clients can see more details about each of them. Or you might connect multiple emails to each client to allow different stakeholders to get access to their portal. You could even integrate Stripe to allow clients to make payments directly in your customer portal. Many thanks to Karl Hughes for contributing this tutorial for Sync Inc. Karl is a former startup CTO and the founder of Draft.dev Previously published at https://docs.syncinc.so/playbooks/client-portal
