APIs & Integrations

jjimeno
Teilnehmer/-in | Diamond Partner
Teilnehmer/-in | Diamond Partner

Secure Serverless function APIs

lösung

Hi guys! 

 

Hope you are doing well. 

 

how do we make our API from a serverless function only accessible when its called from our website but it shouldn't be available elsewhere example Postman, etc. I'm not sure what would be a good approach? do we need to add an authentication key in the header and will be validated in the api? wont this key be exposed? thank you!

 

Hope someone could help! 

 

Regards, 

Jess

 

1 Akzeptierte Lösung
louischausse
Lösung
Autorität | Platinum Partner
Autorität | Platinum Partner

Secure Serverless function APIs

lösung

@dennisedson 

As we found in Dev Slack, a way to handle that is to check whether the contact exists and is logged in the function. An example of this is https://github.com/HubSpot/cms-event-registration/blob/master/src/event.functions/membership.js#L21-...

Louis Chaussé from Auxilio HubSpot Solutions Partner Signature
Louis Chaussé from Auxilio HubSpot Solutions Partner Meeting link

Lösung in ursprünglichem Beitrag anzeigen

7 Antworten
louischausse
Lösung
Autorität | Platinum Partner
Autorität | Platinum Partner

Secure Serverless function APIs

lösung

@dennisedson 

As we found in Dev Slack, a way to handle that is to check whether the contact exists and is logged in the function. An example of this is https://github.com/HubSpot/cms-event-registration/blob/master/src/event.functions/membership.js#L21-...

Louis Chaussé from Auxilio HubSpot Solutions Partner Signature
Louis Chaussé from Auxilio HubSpot Solutions Partner Meeting link
dennisedson
HubSpot-Produktteam
HubSpot-Produktteam

Secure Serverless function APIs

lösung

Hello @jjimeno ,

At this time, we do not have a good solution for limiting the access.  It has been mentioned several times and we are investigating so stay tuned. 

0 Upvotes
louischausse
Autorität | Platinum Partner
Autorität | Platinum Partner

Secure Serverless function APIs

lösung

Hey @dennisedson !

Any update on this?

Louis Chaussé from Auxilio HubSpot Solutions Partner Signature
Louis Chaussé from Auxilio HubSpot Solutions Partner Meeting link
0 Upvotes
dennisedson
HubSpot-Produktteam
HubSpot-Produktteam

Secure Serverless function APIs

lösung

Not yet.  I imagine there would be an announcement for something like this so if you haven't already, sign up for the developer changelog

louischausse
Autorität | Platinum Partner
Autorität | Platinum Partner

Secure Serverless function APIs

lösung

Hi @dennisedson,

Thanks for your reply. 

Already subscribed!

Is there a beta program that we can enroll in?

Louis Chaussé from Auxilio HubSpot Solutions Partner Signature
Louis Chaussé from Auxilio HubSpot Solutions Partner Meeting link
0 Upvotes
dennisedson
HubSpot-Produktteam
HubSpot-Produktteam

Secure Serverless function APIs

lösung

@louischausse , I will look into it. (I don't think there is, yet)

Will reach out directly if one exists.  Feel free to occasionally nudge me 😀

0 Upvotes
IBuddhika
Mitwirkender/Mitwirkende | Diamond Partner
Mitwirkender/Mitwirkende | Diamond Partner

Secure Serverless function APIs

lösung

Hi @dennisedson ,

 

Is there any update for this? I guess it's really an important feature to have.