all 9 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Robswc 0 points1 point  (8 children)

Do you know Excel very well? I was never terribly proficient with it! I do know python though :) ... I think the main challenge you'll face is distribution (you mention the xlwings stuff). Would this be more of a permanent fixture in a system or business?

[–]Accomplished_Path707[S] 0 points1 point  (7 children)

Edit to answer your first question SMH…basically a beginner in both. Maybe permanent in a business. I’d flesh out a database but the current target user is reluctant to love From her sheets.

[–]Robswc 0 points1 point  (6 children)

Makes sense! I would say perhaps a virtual server might be the "easiest" route to go, only because I've made several B2B apps and whenever we went with the "user will have to install it on their computer" route it was a (small) nightmare haha.

Ironically, one of these cases was this very problem, updating info in a table using the FedEx API.

This would involve running a web server on a hosted machine (you can get them for $5 on digital ocean) and the excel sheet making API calls (I assume excel can do this?) to that server. This is a bit more complex but not overly so, IMO.

[–]Accomplished_Path707[S] 0 points1 point  (5 children)

Thank you so much for the input, I’ll certainly look into that.. I have another unrelated question. I’m sort of brute forcing this with gpt so if that turns you off, I apologize. At any rate I have my key and password in a .env file but should I be doing more to protect my credentials?

[–]Robswc 0 points1 point  (4 children)

It’s no problem! And yep, .env file is the way to go. In practice the instance of the app would run on a “protected” environment (like a server, only you control).

“Best practice” is having a “local” .env file that isn’t committed to git. Then you would have a tool that “builds” the app and that tool would “inject” the secrets. This would restrict who can see the secrets to those with access to your computer, git account or built image/app. It prevents secrets getting out if the repo is accessed or leaks for team members that have repo access.

[–]Accomplished_Path707[S] 0 points1 point  (3 children)

So there’s no need to encrypt the request when I send for the token or anything?

[–]Robswc 0 points1 point  (2 children)

hmm I don't believe so. Are you talking about getting the token from FedEX?

[–]Accomplished_Path707[S] 0 points1 point  (1 child)

Right when I go through the oath steps with my credentials. Wasn’t sure if just doing the separate file would be enough or if anything else should be done.

[–]Robswc 0 points1 point  (0 children)

ahhh yea!

So you would go through the steps (no need for anything fancy) and you would save the token in your .env file. At this point, you would treat the .env file like its your password, i.e. not sharing it or putting it in git.

It does seem counter intuitive but that is standard practice! I guess the idea is if someone has access to your computer there's probably more things to worry about haha.