FlutterFlow + Xano + Firebase security

Hi everyone! I recently started a FlutterFlow project. I'm using Xano as the backend, and Firebase for auth and notifications.

I'm storing the phone number used during login as an app state variable, which I then use as the identifier to get that user's data from Xano.

This method works well, but I'm not sure about the security aspect of it. Could sensitive user data be compromised during the API calls? The app state variable in FlutterFlow is encrypted, but the Xano endpoint is public. I'd appreciate any help and insights on this.

Answers

  • Lefteris - blupry.com

    Hey @seekom,


    Well, that’s definitely the best method, but unless you are using it in a large production application you shouldn’t worry about it.

    The best way is to use the auth tokens and the auth me endpoint for these kinds of operations.

    Other than that, why don’t you just use the ID of the user to perform these operations? It is for sure unique.


    We have developed a lot of FlutterFlow templates and Xano snippets, so if you need anything more specific don’t hesitate to contact us!

  • seekom

    Thanks for the answer! I decided to use auth tokens in the end; apparently sending over decoded data like the phone number or ID is a security hole.
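
Added example, not part of the thread and not Xano or FlutterFlow code: a Python sketch of the two designs discussed above, a public lookup keyed on a client-supplied phone number next to an "auth me" style handler that takes the user's identity only from a verified token. The HMAC-signed token is a stand-in and not Xano's or Firebase's actual token format; the secret, user records and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # server-side only; constructed value
USERS = {                             # constructed sample records, keyed by user id
    1: {"phone": "+15550100", "email": "a@example.test"},
    2: {"phone": "+15550101", "email": "b@example.test"},
}

def issue_token(user_id, ttl=3600, now=None):
    """Stand-in for the token the backend returns after a successful login."""
    exp = int(now if now is not None else time.time()) + ttl
    body = base64.urlsafe_b64encode(json.dumps({"uid": user_id, "exp": exp}).encode())
    sig = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{sig}"

def verify_token(token, now=None):
    """Return the user id bound to the token, or None if forged, expired or malformed."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):  # constant-time comparison
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["exp"] < (now if now is not None else time.time()):
            return None
        return claims["uid"]
    except (ValueError, KeyError, TypeError):
        return None

def get_user_by_phone(phone):
    """Weak design: a public endpoint that trusts a client-supplied identifier."""
    return next((u for u in USERS.values() if u["phone"] == phone), None)

def auth_me(authorization_header):
    """Hardened design: the caller never names a user; the verified token does."""
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme != "Bearer":
        return 401, None
    uid = verify_token(token)
    if uid is None or uid not in USERS:
        return 401, None
    return 200, USERS[uid]
```

Encrypting the app state variable on the device does not change the outcome of the first function, because the server still accepts whatever identifier arrives in the request.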