Secure Netlify Functions

tysonalcorn · September 26, 2020, 11:29pm

Is there a way to secure Netlify functions in such a way that only the site itself can access them? I’m building a B2B SaaS and one of the requirements of the project is that each customer must have its own database and the users of each customer must be stored and authenticated in/from that database (which means I can’t use Netlify identity). To do this, I created a Netlify lambda function that creates a skeleton database off of a pre-built schema when the customer signs up. However, I need to secure this function so that only the application and no one/nothing else can access and use it. Does anyone have any idea?

Thank you kindly!

-Tyson

jen · October 1, 2020, 7:03pm

Hey @tysonalcorn,
Our signed proxy redirects should work this. Here’s a thread discussing them:

And our docs on them:

Let us know if that helps or if you have any other questions!

payzanto · January 9, 2022, 12:36am

Hi Jen! It’s not clear to me how signed proxy redirects help here. I read through the documentation and I’m still confused. I have a basic Netlify function but I only want my site to be able to access it. How can I do that?

payzanto · January 9, 2022, 12:44am

I found [Support Guide]: How to apply Access Control for Netlify Functions?, I think this is what I’m looking for.

Topic		Replies	Views
Verify user in Node.js backend Support identity , lambda-functions	7	3322	January 21, 2020
Signed proxy redirects Support redirects	5	1808	July 21, 2021
Share Code between each function (for jwt authentication) Support authentication , lambda-functions	3	1717	October 5, 2020
Getting Netlify Identity Secret Key Support authentication , identity , create-react-app	6	1717	February 3, 2022
Locking down netlify function Support lambda-functions	3	473	March 2, 2020

Secure Netlify Functions

Related topics