Always add Security Restrict to the top of your APIs. It's annoying that this isn't set up by default.
Please vote and comment on this feature request.
This request is to switch APIs from being unrestricted by default to restricted by default. If an API needs to be open then a “Security Unrestrict” could be added to the API.
This is a better approach to ensure data is not leaked unintentionally by Wappler developers that miss the step or do not know better.
This comes up every so often in posts and I would wager many Wapplers are exposing their data like this unsuspectingly.
I didn’t realize this before. If you do not add the Security Restrict action to your Server Connects, then they are wide open for anyone to query. Add a Security Restrict at the top to keep them locked down.
[image]
As for setting up API keys, there are multiple posts that discuss it. Unfortunately, there isn't anything built into Wappler at this time, so you'll have to design something yourself.
I appreciate your reply. You are seriously a rockstar!
That’s not quite what I want to do. I want to be able to make a REST call by passing data on the headers instead of two separate calls - one to authenticate and one for my API.
The article I referenced helped me figure it out but there wasn’t good Wappler documentation on how to get the HTTP header values.
Here’s what I ended up doing:
Followed the steps in this article to set up a User table
Created 2 new server variables
[image]
…
This might be an approach for building a mechanism for API keys.
2 Likes
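
The restricted-by-default behaviour requested in this thread, combined with credentials passed in the request headers of a single call, as an added example that is not Wappler code and not code from any poster: a minimal Node.js dispatcher in which a route is denied unless it is explicitly marked public. The route table, the header names (`x-api-client`, `x-api-key`) and the sample key are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Constructed sample key store: only the hash of each API key is kept.
const API_KEYS = new Map([
  ['reporting-client', sha256('constructed-sample-key-123')],
]);

// Hypothetical route table. A route is restricted unless it says public: true,
// so forgetting the flag fails closed instead of exposing data.
const ROUTES = new Map([
  ['/api/health', { public: true, handler: () => ({ ok: true }) }],
  ['/api/customers', { handler: (who) => ({ rows: 2, requestedBy: who }) }],
]);

// Returns the client id when the headers carry a valid id/key pair, else null.
// Header names are lowercase, as Node's http module delivers them.
function authenticate(headers) {
  const id = headers['x-api-client'];
  const key = headers['x-api-key'];
  if (typeof id !== 'string' || typeof key !== 'string') return null;
  const expected = API_KEYS.get(id);
  if (!expected) return null;
  // Both digests are 32 bytes, so the constant-time compare cannot throw.
  return crypto.timingSafeEqual(sha256(key), expected) ? id : null;
}

// One call does both jobs: authenticate from headers, then run the API.
function dispatch(path, headers = {}) {
  const route = ROUTES.get(path);
  if (!route) return { status: 404, body: { error: 'not found' } };
  if (route.public === true) return { status: 200, body: route.handler(null) };
  const who = authenticate(headers);
  if (!who) return { status: 401, body: { error: 'unauthorized' } };
  return { status: 200, body: route.handler(who) };
}
```
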