Hi Andreas and welcome to the forum.
I am not sure I understand what it means to store data into flat files.
Instead of writing (all sorts of) data to a database, Typesetter will use the file system, namely the /data directory and its subdirs.
In general, Typesetter will write php files containing arrays to store everything via some dedicated classes and methods.
But of course it's up to a plugin developer to use different file types or even a database, if it makes sense.
Does this mean that other people can access these data, …
Generally no. If you use php arrays stored via Typesetter's save methods, nobody will have direct (raw) access, not even a logged-in admin.
It's all up to the plugin/api code how your data will be used, rendered or exposed to others.
Basically, Typesetter is a single-entry-point appllication (with only one exception - but that doesn't matter here).
…and I don't have fully control of what data is public?
You have full control. Of course you can make arbitrary data public accessible, either by responding to certain requests or create raw files (json, xml, html, you name it)
But will the API secret keys that is stored in the PHP code then be able to access by other users, that don't have access to my webserver?
No they will not be able to access them.
A simple example, how Typesetter data files typically look like, e.g. a plugin config in
defined('is_running') or die('Not an entry point...');
$mydata = array(
'apikey_1' => 'cew4hjoifjhvg934u3rethgw4',
If I understood your plan correctly, your plugin would then read the config, use the key to fetch data from a 3rd-party API, process / format / output the results (or provide them in a different way)
2 years ago