Filter data collection on Auth user (via google sheets data source)

Hello!
I’m looking at WeWeb to create an MVP for a batch of clients (50) to provide them with specific data (dynamic CRM).
For now, I’m using gsheet data sources (automatically updated) for a test where I have a table with more than 1000 rows which can be identified via client_id (integer).
How can I provide only data related to my client_id when they authenticate in WeWeb? The data is sensitive and I don’t want one client to download the data of another client (even if it’s not directly visible).

  1. Google sheets isn’t a good database for an app. Cause it’s not a database. It’s a spreadsheet software.

  2. I’d start with something like sheetdb.io or some other service that converts your sheet to a nice RESTful interface and allows you to query against the table like this :+1:

This is a shit method and doesn’t offer much security for your users, at all.

Instead you should rely on a backend that provides both authentication and database storage such as: xano, supabase, Firebase, and others.


Hi @Loick :wave:

Welcome on board! :grinning:

As Jared alluded to, if you want security, you’ll need a proper backend.

Even if you add authentication (using the WeWeb auth plugin for example), filtering your GSheet data based on a client_id will not provide security because all it will take is for an authenticated user to find the API call that gets his/her own data and change the call to fetch another client_id.

The only way to have true security is to use a backend like Xano or Supabase that allows you to protect the API endpoints (the Xano approach) or enable Row Level Security (the Supabase approach).

The level 2 course of the WeWeb Academy will cover this topic at length. It will be out in a few weeks but, in the meantime, here’s a video on the topic of security that you might find helpful.

Don’t hesitate to reach out if anything is unclear! Security can be an intimidating topic but it’s actually fairly straightforward once you get a few basics right :slightly_smiling_face:
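The difference described in the post above between filtering on a client_id the caller supplies and enforcing it on the backend, as an added example that is not part of the original thread and is not WeWeb, Xano or Supabase code. All function names are hypothetical, the rows are constructed, and the HMAC-signed token is an assumed stand-in for whatever session a real backend issues after login.

```python
import hashlib
import hmac
from typing import Optional

SECRET = b"constructed-demo-key"  # assumption: held only by the backend, never sent to the browser

# Constructed sample rows standing in for the sheet / BigQuery table.
ROWS = [
    {"client_id": 1, "deal": "Acme renewal"},
    {"client_id": 1, "deal": "Acme upsell"},
    {"client_id": 2, "deal": "Globex pilot"},
]

def issue_token(client_id: int) -> str:
    """Issued by the backend after login; binds the session to one client_id."""
    body = str(client_id)
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"

def verify_token(token: str) -> Optional[int]:
    """Return the client_id the token was issued for, or None if it was altered."""
    body, _, sig = token.partition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()) or not body.isdigit():
        return None
    return int(body)

def rows_filtered_by_request(token: str, requested_client_id: int) -> list:
    """Weak: any logged-in user is accepted and the caller chooses the client_id."""
    if verify_token(token) is None:
        return []
    return [r for r in ROWS if r["client_id"] == requested_client_id]

def rows_filtered_by_session(token: str, requested_client_id: Optional[int] = None) -> list:
    """Enforced: the client_id comes from the verified token; the request value is ignored."""
    client_id = verify_token(token)
    if client_id is None:
        return []
    return [r for r in ROWS if r["client_id"] == client_id]
```

Row Level Security applies the same rule inside the database: the filter is tied to the authenticated identity instead of a value in the request.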

Thanks for your answers!
I’m a bit stuck because I’m using data from our company platform which is compiled in BigQuery (to access data as a non-dev).

  • If I use the integration via SQL in the ‘data sources’, can this potentially solve my problem?
  • If not, can I send my data via BigQuery (or gsheet - dirty way) to Xano in order to use it as a backend?

Got it!

If Xano is an option, then you could ask Xano to call your sheet or BigQuery (you can make REST API calls to BigQuery).

That would be the easiest way I can think of to secure the data :slightly_smiling_face:

Calling BigQuery directly from a front-end is not ideal but might be ok if you’re building an internal tool.
