Secure BuildShip endpoint access
Hello everyone π ,
We use Buildship as our backend and FlutterFlow as our mobile frontend and Firebase as our database. For several days we've been looking at how to protect the API endpoints created with Buildship (secure communication between FlutterFlow and Buildship).
What authentication and authorization system does Buildship offer? Because right now, anyone with knowledge of the endpoint can execute workflows ...
Thanks for your help π
3 Replies
Hi, @pottok.club, yes there are couple of ways you can secure your BuildShip endpoint.
1. You can connect the Request object sourced from your Rest API Trigger with the 'Get Authorization node'. Subsequently, you can create a branching path to verify whether the authorization header value matches your designated secret value (such as an API token or bearer).
For Authorization Header you can refer this example - https://docs.buildship.com/basics/api-spec#example-scenario---implementing-byokit shows how you can set an Authorization from your REST Trigger request. Next then match it via passing variable in the Get Authorization Header node (not mentioned in the above example docs).
2. Since you are using Firebase for database, you can introduce a Firebase Authenticated user check node right at the beginning of your workflow to ensure data safety in transit and allow only a specific authenticated user is able to trigger that API from your app and access data. This way you can secure the trigger API call which will provide data safety in transit. We'll add docs for this in near future.
API Specification β BuildShip
A unified resource to start building your backend with low-code. Dive into triggers, nodes, and step-by-step guidance to jumpstart your workflow creation.
Hi @Gaurav Chadha
Thank you, I will use the second solution π .
I think it would be extremely valuable to have an easy and well-integrated authorization with FlutterFlow.
03