How to build a secure application

Hi there👋,

I'm kind of new to Xano and now have a basic understanding of the DB, API and authentication etc. 

I'm trying to understand how to create a secure application so the user can only CRUD "To-dos" related to themselves.

My thinking (please correct me)
• I assume on the GET auth/me I would add an add-on to the "To-dos" DB by using a table reference.
• "To-dos" endpoint POST will require the user_id as an integer to the table reference, which I get from the GET auth/me.


Questions
• To update or delete a record, how do I do this securely, so only the specific user can edit/delete To-dos related to themselves? Can it be based on the auth token that references the user?


Thanks!

Comments

  • Michael Udinski (Administrator)
    The authentication token stores the unique user id inside it. This is accessible in the function stack via "auth id". 

    You can leverage that in your function stack to help ensure the user is only dealing with data that belongs to them. Preconditions can be added too as an extra security check. 
  • Alexander Thomsen
    Ah wonderful thanks👍
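An added example, not from this thread and not Xano's own code: a small Python sketch of the pattern Michael describes, where the user id is taken from a verified auth token rather than from the request body, and every update or delete checks ownership as a precondition before touching the record. The token format, the signing key and the `TodoStore` class are constructed stand-ins for Xano's auth token and function stack.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo signing key; a real deployment keeps this out of source code.
SECRET_KEY = b"demo-signing-key-not-for-production"


def issue_token(user_id: int) -> str:
    """Mint a token whose payload carries the user id, signed with HMAC-SHA256."""
    payload = base64.urlsafe_b64encode(json.dumps({"id": user_id}).encode()).decode()
    sig = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def auth_id_from_token(token: str) -> int:
    """Verify the signature, then return the user id (the 'auth id') inside the token."""
    try:
        payload, sig = token.split(".", 1)
    except ValueError:
        raise PermissionError("malformed token")
    expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so a forged signature cannot be guessed byte by byte.
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")
    return int(json.loads(base64.urlsafe_b64decode(payload))["id"])


class TodoStore:
    """In-memory stand-in for the To-dos table; each row carries the owner's user_id."""

    def __init__(self):
        self._todos = {}
        self._next_id = 1

    def create(self, token: str, text: str) -> dict:
        owner = auth_id_from_token(token)  # owner comes from the token, never the body
        todo = {"id": self._next_id, "user_id": owner, "text": text}
        self._todos[todo["id"]] = todo
        self._next_id += 1
        return todo

    def list_mine(self, token: str) -> list:
        owner = auth_id_from_token(token)
        return [t for t in self._todos.values() if t["user_id"] == owner]

    def _owned(self, token: str, todo_id: int) -> dict:
        """Precondition shared by update/delete: the row exists and belongs to the caller.
        The same error is raised for 'missing' and 'not yours' so callers cannot probe
        which ids exist."""
        owner = auth_id_from_token(token)
        todo = self._todos.get(todo_id)
        if todo is None or todo["user_id"] != owner:
            raise PermissionError("not found or not owned by caller")
        return todo

    def update(self, token: str, todo_id: int, text: str) -> dict:
        todo = self._owned(token, todo_id)
        todo["text"] = text
        return todo

    def delete(self, token: str, todo_id: int) -> bool:
        self._owned(token, todo_id)
        del self._todos[todo_id]
        return True
```

The point the example makes is that the client never supplies `user_id` on POST, PATCH or DELETE; the server derives it from the verified token and applies the same ownership precondition on every mutating path, which is what the "auth id" plus preconditions approach achieves inside a Xano function stack.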