I’m using a vanilla JS script to interact with the Airtable API.
The API and the base are stored in this short Netlify function:
exports.handler = function(event, context, callback) {
const secret = [process.env.AIRTABLE_API, process.env.BASE_ID];
callback(null, {
statusCode: 200,
body: JSON.stringify(secret)
});
};
It works great when invoked via fetch
in my frontend js file. However, I can still see my function if I try to access /functions/ directly. How can I protect it from everything but my main .js file?