You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the Cloud API endpoints are public and easy to guess. Malicious activity can be carried out by obtaining the ID of an active subscriber.
Expected feature
All API endpoints should be private and require some basic authentication before the function logic is executed.
A similar implementation of this can be found in the Netlify docs on Function Authentication, however, the implementation provided by Auth0 is not feasible as we are not using Netlify as an authentication provider.
Currently the Cloud API endpoints are public and easy to guess. Malicious activity can be carried out by obtaining the ID of an active subscriber.
Expected feature
All API endpoints should be private and require some basic authentication before the function logic is executed.
A similar implementation of this can be found in the Netlify docs on Function Authentication, however, the implementation provided by Auth0 is not feasible as we are not using Netlify as an authentication provider.
Cc: @ivelin
The text was updated successfully, but these errors were encountered: