Secure Serverless function APIs

jjimeno
Participant | Gold Partner

Hi guys!

Hope you are doing well.

How do we make our API from a serverless function accessible only when it's called from our website, and not available elsewhere (for example Postman, etc.)? I'm not sure what would be a good approach. Do we need to add an authentication key in the header that will be validated in the API? Won't this key be exposed? Thank you!

Hope someone could help!

Regards,

Jess

dennisedson
Community Manager

Hello @jjimeno ,

At this time, we do not have a good solution for limiting the access. It has been mentioned several times and we are investigating, so stay tuned.

Thanks,

Dennis




Check out our Community Developer Blog
where we feature our Community-driven developer podcast and how-to content
0 Upvotes
louischausse
Key Advisor | Platinum Partner

Hey @dennisedson !

Any update on this?

Louis Chaussé

CEO

Auxilio

lchausse@auxilio.io
auxilio.io
Schedule a call
0 Upvotes
dennisedson
Community Manager

Not yet. I imagine there would be an announcement for something like this, so if you haven't already, sign up for the developer changelog.

Thanks,

Dennis




louischausse
Key Advisor | Platinum Partner

Hi @dennisedson,

Thanks for your reply. 

Already subscribed!

Is there a beta program that we can enroll in?

Louis Chaussé

CEO

Auxilio

lchausse@auxilio.io
auxilio.io
Schedule a call
0 Upvotes
dennisedson
Community Manager

@louischausse , I will look into it. (I don't think there is, yet)

Will reach out directly if one exists.  Feel free to occasionally nudge me 😀

Thanks,

Dennis




0 Upvotes
louischausse
Solution
Key Advisor | Platinum Partner

@dennisedson 

As we found in Dev Slack, a way to handle that is to check in the function whether the contact exists and is logged in. An example of this is https://github.com/HubSpot/cms-event-registration/blob/master/src/event.functions/membership.js#L21-...

Louis Chaussé

CEO

Auxilio

lchausse@auxilio.io
auxilio.io
Schedule a call
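
The check described in the accepted solution, sketched as an added example (not part of the original post and not the code in the linked HubSpot repository). It assumes the function receives `context.contact` with an `isLoggedIn` flag and a `vid`, and replies through `sendResponse({ statusCode, body })`; the wrapper name, error codes and sample contexts are hypothetical.

```javascript
// Added example: login guard for a HubSpot serverless function.
// Assumption: context.contact exists for a known visitor and carries
// isLoggedIn and vid; sendResponse takes { statusCode, body }.

// Returns null for a logged-in contact, otherwise the denial response.
function denyUnlessLoggedIn(context) {
  const contact = context && context.contact;
  if (!contact) {
    return { statusCode: 401, body: { error: 'CONTACT_REQUIRED' } };
  }
  // Strict comparison: a missing flag or a non-boolean value is rejected.
  if (contact.isLoggedIn !== true) {
    return { statusCode: 403, body: { error: 'LOGIN_REQUIRED' } };
  }
  return null;
}

// Wraps a handler so the check runs before any business logic.
function requireLoggedInContact(handler) {
  return (context, sendResponse) => {
    const denial = denyUnlessLoggedIn(context);
    if (denial) {
      sendResponse(denial);
      return;
    }
    handler(context, sendResponse);
  };
}

// Hypothetical endpoint: the caller's identity is taken from
// context.contact, never from a client-supplied parameter or header.
const main = requireLoggedInContact((context, sendResponse) => {
  sendResponse({ statusCode: 200, body: { vid: context.contact.vid } });
});
if (typeof exports !== 'undefined') exports.main = main;

// Constructed sample contexts for exercising the guard offline.
const SAMPLE_ANONYMOUS = { params: {} };
const SAMPLE_KNOWN = { contact: { vid: 101, isLoggedIn: false } };
const SAMPLE_MEMBER = { contact: { vid: 101, isLoggedIn: true } };

// Runs main against a context and returns what it would send back.
function invoke(context) {
  let sent;
  main(context, (res) => { sent = res; });
  return sent;
}
```

The check relies on the visitor's login state rather than on a key embedded in the page, so nothing secret is shipped in page JavaScript. It authenticates the visitor, not the calling program: any HTTP client that presents a valid logged-in session still passes.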
