Only allow function to be called by author lambda functions

I have a series of functions, and I want to prevent some of them from being invoked by any method other than another Netlify function in the same repo. I guess the simplest way to do this would be set a passphrase as an Env variable, and verify that any incoming request has that passphrase, but I figure there’s got to be another way that I’m missing. I have looked at the docs on signed proxy redirects, and I think that might be what I want, but the documentation is sparse so I’m not certain. (Rewrites and proxies | Netlify Docs).

It could be that I’m just approaching this all wrong, and I’m trying to solve a problem that shouldn’t exist, but if anyone has any advice, I’d appreciate it.

Thanks!

Oops, I meant “other”, not author haha.

I believe there are several ways to do this, and you’re right that signed proxy redirects would be one way. But I think your env var passphrase would be simpler and still accomplish the same thing :slight_smile:

In function A, you could set the passphrase to be a header, i.e. 'x-key': process.env.KEY and in function B, you would check for that header/header value. Or you could check for some hashed version of the value. Even if function A’s endpoint were visible in the browser, the call from function A to function B would not be—so both function B’s endpoint and the key required to “call” it would be relatively protected.

Want to give this approach a shot and let us know how it goes?

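The header check suggested in the reply above, written out as an added example (not code from the thread or from Netlify). The helper names `internalHeaders` and `isInternalCall`, the 401 response, and the choice of SHA-256 for the "hashed version" comparison are assumptions; `x-key` and `process.env.KEY` are taken from the reply.

```javascript
const { createHash, timingSafeEqual } = require('node:crypto');

const HEADER = 'x-key'; // header name used in the reply above

// Hashing both sides yields equal-length buffers, so the constant-time
// comparison below never throws on a length mismatch.
const digest = (value) => createHash('sha256').update(String(value)).digest();

// Function A side: headers to attach to the server-side call to function B.
function internalHeaders(key = process.env.KEY) {
  if (!key) throw new Error('KEY is not set');
  return { [HEADER]: key };
}

// Function B side: true only if the request carries the shared secret.
function isInternalCall(headers, key = process.env.KEY) {
  if (!key) return false; // fail closed when the secret is not configured
  // Header names are case-insensitive, so match without regard to case.
  const name = Object.keys(headers || {}).find(
    (h) => h.toLowerCase() === HEADER
  );
  const presented = name ? headers[name] : undefined;
  if (typeof presented !== 'string' || presented.length === 0) return false;
  // Constant-time comparison avoids leaking how much of the key matched.
  return timingSafeEqual(digest(presented), digest(key));
}

// Function B handler (hypothetical file name: functionB.js).
async function handler(event) {
  if (!isInternalCall(event.headers)) {
    return { statusCode: 401, body: 'Unauthorized' };
  }
  return { statusCode: 200, body: 'ok' };
}

exports.handler = handler;
```

Function A would pass `internalHeaders()` as the `headers` option of its outgoing request to function B, so the key is only ever sent server to server.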