I have a question about the REST API plugin from WeWeb. In my cases, most API calls require authentication to secure access to functions or data. I am wondering if the REST API plugin is unusable when authentication is needed because the authentication details might be exposed. I am aware of a secure method using a SQL plugin from WeWeb, but I find this process, especially with Supabase, very laborious. I am looking for a simpler alternative or want to know if my current approach is correct.
Yes. Why wouldn’t it be?
Auth credentials are meant to be transmitted, even over a restful api interface.
Are you concerned with weweb logging what you pass thru the api connection?
Yep, I second @jaredgibb, just don’t leak your private keys. I think you might want to look into how JWT and authentication in general works. There is some keys that you want to transmit, and it’s their whole purpose - e.g. auth keys. And some, that are to be kept in a vault on a secret island, e.g. refresh keys, some private keys etc.
1 Like