API authentication using Plasmic Auth

Hey everyone,

I’m currently utilizing Plasmic Auth for user authentication, but I’m facing a challenge in sending authenticated HTTP requests to my backend API.

Initially, my approach involved sending a request with currentUser -> email, but I’m concerned about its security since my backend server lacks the capability to validate whether the email truly belongs to the user.

To solve this, I would like to implement a JWT between my backend server and Plasmic. However, I’m uncertain whether this requires utilizing a custom authentication or if it’s achievable with Plasmic Auth.

Any insights or guidance on this matter would be greatly appreciated. Thank you!

Great question. The TLDR answer is to pass a secret token to your HTTP API as a hardcoded value, such as in the headers.

This works because integrations are routed through Plasmic servers first. Hardcoded values are stored on Plasmic servers and sent to your HTTP API. They will never be exposed on the client. Please check out this page for a more detailed explanation of how security works for backend integrations.
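An added example, not part of the original thread and not Plasmic's own code: one way a Node backend could check the hardcoded secret header described above before it reads any user identity from the request. The header names `x-integration-secret` and `x-user-email`, the function names, and the 16-character minimum are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical header names; use whatever you configure in the integration.
const SECRET_HEADER = 'x-integration-secret';
const EMAIL_HEADER = 'x-user-email';

// Hash both sides so timingSafeEqual always receives equal-length buffers
// and the comparison time does not depend on where the strings differ.
function secretsMatch(presented, expected) {
  const a = crypto.createHash('sha256').update(String(presented)).digest();
  const b = crypto.createHash('sha256').update(String(expected)).digest();
  return crypto.timingSafeEqual(a, b);
}

// headers: lower-cased header map, as Node's http module provides it.
// expectedSecret: the value stored server-side (e.g. from an environment variable).
function authenticateIntegrationRequest(headers, expectedSecret) {
  // Fail closed if the backend itself has no usable secret configured.
  if (typeof expectedSecret !== 'string' || expectedSecret.length < 16) {
    return { ok: false, status: 500, reason: 'server secret not configured' };
  }
  const presented = headers[SECRET_HEADER];
  if (typeof presented !== 'string' || presented.length === 0) {
    return { ok: false, status: 401, reason: 'missing secret header' };
  }
  if (!secretsMatch(presented, expectedSecret)) {
    return { ok: false, status: 401, reason: 'bad secret' };
  }
  // The forwarded email is read only after the caller has proven it holds
  // the secret; a request sent straight from a browser never gets this far.
  const email = headers[EMAIL_HEADER];
  if (typeof email !== 'string' || !/^[^\s@]+@[^\s@]+$/.test(email)) {
    return { ok: false, status: 400, reason: 'missing or malformed email' };
  }
  return { ok: true, status: 200, email: email.toLowerCase() };
}
```

The check authenticates the caller that holds the secret; the email is still a value forwarded by that caller, so it is only as trustworthy as the integration that sets it.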

Hey @jason,

Thank you for your response! Just to clarify, if I’m understanding correctly, all integration requests are proxied by Plasmic. So, when integrating with the HTTP API, the request to my backend will be handled by Plasmic and not by the client. Is that correct?

If so, I’m curious about any limiting factors regarding the number of API requests allowed. While I noticed a reference to “monthly page views” in the pricing plans, there’s no mention of the number of integration requests.
Could you provide some insight on this?

Thanks

Hi @nuno_lopes, we don’t currently have a limit on integration requests, but we may introduce one in the future. Unfortunately I can’t share more than that.
