Technical Notes - Interfaces

Interfaces to User Accounts Data & Functionality

These are the common capabilities we ideally want to provide an interface for, in order to make Webflow's User Accounts capability useful in site builds.

Primarily, these capabilities need to be accessible from client-side JavaScript, however there may be other interfaces built on top of that, such as custom attributes.

  • Getting login state

  • Getting current user basic info ( name, email, etc. )

  • Getting user ID

  • Getting current user custom fields

  • Getting current user access groups

  • Getting current user Meta ( additional, external data )

  • Performing a scripted login ( for external system SSO )

  • Performing a scripted logout

Interfaces We've Explored

Webflow.js Notes

Internally Webflow refers to User Accounts module as usys

It's fully boxed in, so even basic things like detecting login state or performing a logout are not accessible from custom code to Webflow.js interfaces.

Status: not usable for our needs, however a lot can be learned from the webflow.js on how to perform those tasks internally.

GraphQL Internal Interface

The internal interchange for usys data primarily occurs through GraphQL against site-internal endpoints that are CSRF protected.

In theory, it's likely possible to;

  • Get the user data we need

  • Update user data

  • Perform basic login / logout operations

Through this interface however it's not documented, and you would need to abide by the CSRF security mechanism approach.

/.wf_graphql/usys/apollo

/.wf_graphql/csrf

Note that these interfaces appear to be somewhat slow as well, or high-latency. The User Accounts screen is a good example of this, it takes a good 2 to 3 seconds frequently for the user's data to appear.

External Interfaces

Webflow's API is robust in its ability to get and update user data, however it has rate limit and CORS issues that make it unsuitable for a direct site integration. Typically you need to clone the member database and access it from there.

SA5's Approach

SA5 uses only publicly-accessibly mechanisms to do its work, which comes with complexity, potential fragility, and some performance cost.

It's not ideal, and we're looking for better options.

Interface Comparison

Leaving webflow.js off the list.

Last updated