API endpoint Security before going live
Dear members of the buildship community, what is the best practice solution to secure my buildship api endpoints? I built my app in flutterflow and I've read that i could use Firebase as somekind of proxy, can i do the same thing with Supabase? Is there an easy and convenient solution for this?
Thank you very much, all the best for '25!
4 Replies
AI Support Bot Information
<@168034580417216512> you can react on the relevant answer (message) with a ✅ in this thread when you think it has been solved, by the bot or by a human!
Anyone can react on this message with a ❌ if the GPT bot is unhelpful or hallucinating answers.
Please note: Team members will review and answer the questions on best efforts basis.
AI Response
It seems that the specific solution you're looking for regarding securing BuildShip API endpoints using Supabase or Firebase as a proxy is not available in the frequently asked questions. However, generally speaking, securing API endpoints can involve:
1. Authentication & Authorization: Ensuring that only authorized users can access certain endpoints using tokens or API keys.
2. Rate Limiting: To prevent abuse and ensure fair usage by limiting the number of requests a user can make in a given time frame. 3. HTTPS: Make sure that data is encrypted in transit by using HTTPS. 4. CORS Policies: Cross-Origin Resource Sharing configurations can restrict which domains can access your API. 5. Input Validation and Sanitization: Preventing SQL Injection and other attacks by ensuring that inputs are validated and sanitized. As you mentioned using Supabase, it’s known for providing features like authentication and database security policies which could be beneficial. I recommend consulting Supabase's official documentation or support to see if it can act similarly to Firebase in terms of acting as a proxy. For more specific guidance or community-shared experiences, you may want to post your question directly on developer forums or communities related to BuildShip, Supabase, or the FlutterFlow platform. Feel free to reach out via in-app support for more personalized assistance!
2. Rate Limiting: To prevent abuse and ensure fair usage by limiting the number of requests a user can make in a given time frame. 3. HTTPS: Make sure that data is encrypted in transit by using HTTPS. 4. CORS Policies: Cross-Origin Resource Sharing configurations can restrict which domains can access your API. 5. Input Validation and Sanitization: Preventing SQL Injection and other attacks by ensuring that inputs are validated and sanitized. As you mentioned using Supabase, it’s known for providing features like authentication and database security policies which could be beneficial. I recommend consulting Supabase's official documentation or support to see if it can act similarly to Firebase in terms of acting as a proxy. For more specific guidance or community-shared experiences, you may want to post your question directly on developer forums or communities related to BuildShip, Supabase, or the FlutterFlow platform. Feel free to reach out via in-app support for more personalized assistance!
BuildShip AI Support
In addition to this @Hërzouz you can checkout this tutorial - https://docs.buildship.com/tutorials/secure-api
Secure Your API Endpoint – BuildShip
A unified resource to start building your backend with low-code. Dive into triggers, nodes, and step-by-step guidance to jumpstart your workflow creation.
Thank you very much