Securing APIs

Protect your APIs so only the right users can access sensitive data.

Steps at a glance

  1. Create an API in Data & API → APIs.
  2. Add Middleware so the API requires a signed-in user (and roles if needed).
  3. Test the API in preview mode and confirm it is blocked when signed out.

1) Add Middleware to the API

  1. Open Data & API → APIs.
  2. Select your API endpoint.
  3. In the API settings, set Middleware to:
    • Public: for endpoints anyone can access.
    • Authenticated: for endpoints that require a signed-in user.
    • A role-based rule when only certain roles should have access.

2) Return clear responses

  • If the user is not signed in, return a helpful message (for example “You must sign in to continue.”).
  • If the user is signed in but not allowed, return a message like “You do not have access to this.”

3) Test it quickly

  1. In preview mode, trigger the API from your interface.
  2. Test while signed in and while signed out.
  3. Confirm the result matches your Middleware rules.
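
The decision the three Middleware settings describe, together with the test matrix from step 3, as an added illustration (not the platform's own code). The function name `evaluateMiddleware`, the rule object shape, the sample roles and the 401/403 status codes are assumptions; the page only specifies the messages.

```javascript
// Added illustration: a minimal model of the three Middleware settings.
// evaluateMiddleware, the rule shape and the status codes are assumptions.
const MESSAGES = {
  signedOut: "You must sign in to continue.",
  forbidden: "You do not have access to this.",
};

// rule: { type: "public" } | { type: "authenticated" } | { type: "roles", roles: [...] }
// user: null when signed out, otherwise { id, roles: [...] }
function evaluateMiddleware(rule, user) {
  if (rule.type === "public") return { status: 200 };
  if (rule.type !== "authenticated" && rule.type !== "roles") {
    // Unknown rule type: fail closed instead of allowing the call.
    return { status: 403, message: MESSAGES.forbidden };
  }
  // Not signed in: tell the caller to authenticate.
  if (!user) return { status: 401, message: MESSAGES.signedOut };
  if (rule.type === "roles") {
    const held = new Set(user.roles || []);
    const allowed = (rule.roles || []).some((r) => held.has(r));
    // Signed in but lacking every permitted role.
    if (!allowed) return { status: 403, message: MESSAGES.forbidden };
  }
  return { status: 200 };
}

// Constructed test matrix: every rule against every session state.
function runMatrix() {
  const rules = {
    public: { type: "public" },
    authenticated: { type: "authenticated" },
    adminOnly: { type: "roles", roles: ["admin"] },
  };
  const sessions = {
    signedOut: null,
    member: { id: "u1", roles: ["member"] },
    admin: { id: "u2", roles: ["admin"] },
  };
  const results = {};
  for (const [ruleName, rule] of Object.entries(rules)) {
    for (const [who, user] of Object.entries(sessions)) {
      results[`${ruleName}/${who}`] = evaluateMiddleware(rule, user).status;
    }
  }
  return results;
}

console.log(runMatrix());
```

Any cell in your own preview test that differs from this matrix (for example, a signed-out call to an Authenticated endpoint that succeeds) means the Middleware rule is not applied to the endpoint.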

Common pitfalls

Your API works in preview but fails in production

  • Check that your production environment uses the same SSO Provider settings and environment variables.

You can still access the API from a public page

  • Make sure the API endpoint itself is protected with Middleware (not only the page).