#Private mutations and queries

quick swan
#

Use normal (public) query and mutation. Inside, guard them with a secret (an arg with some value). Configure that secret on your Convex backend and your Next.js server. Don't leak it.

#

(this is not specific to Convex)

surreal ember
#

This is a core fundamental of serverless - functions are either accessible over the internet or they aren't. Internal functions can exist because they literally aren't exposed to the internet, and can only be invoked from within the Convex platform. Your Next.js API is outside of the Convex platform. So the general approach for any two backend services that want to only communicate with one another is a shared secret.
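
Added example, not part of the thread and not Convex's or Next.js's own code: one way to write the shared-secret guard described in the two replies above, with a constant-time comparison, a fail-closed check for an unset secret, and redaction before logging. The names `SERVER_SECRET`, `assertServerCaller`, `constantTimeEqual`, `redactArgs` and `setPlanHandler`, and the 32-character minimum, are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, not Convex or Next.js APIs.

// Compare without stopping at the first mismatch, so timing does not
// reveal how many leading characters of a guess were correct.
function constantTimeEqual(a, b) {
  const len = Math.max(a.length, b.length);
  let diff = a.length ^ b.length;
  for (let i = 0; i < len; i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Fail closed: an unset or short backend secret rejects every caller,
// so a missing env var can never match a missing argument.
function assertServerCaller(configuredSecret, suppliedSecret) {
  if (typeof configuredSecret !== "string" || configuredSecret.length < 32) {
    throw new Error("server secret is not configured");
  }
  if (typeof suppliedSecret !== "string" ||
      !constantTimeEqual(configuredSecret, suppliedSecret)) {
    throw new Error("unauthorized");
  }
}

// Copy of the args that is safe to log: the secret never reaches log output.
function redactArgs(args) {
  return { ...args, secret: "[redacted]" };
}

// Hypothetical handler body of a public mutation: guard first, then work.
// `env` stands in for the backend's environment variables.
function setPlanHandler(env, args) {
  assertServerCaller(env.SERVER_SECRET, args.secret);
  return { userId: args.userId, plan: args.plan };
}

// Constructed sample values.
const sampleEnv = { SERVER_SECRET: "constructed-example-secret-0123456789abcdef" };
const sampleArgs = { secret: sampleEnv.SERVER_SECRET, userId: "u1", plan: "pro" };
console.log(setPlanHandler(sampleEnv, sampleArgs), redactArgs(sampleArgs));
```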

agile path
#

It's not considered so secure to pass the secret as a parameter.
Is it possible to put your server behind Convex's authentication providers - Clerk, and have the server call the function with a backend JWT that browsers cannot mint?

So the Next.js server code has the API key of Clerk and issues a JWT, and inside the public Convex mutation - enforce this JWT.
Is it possible? Recommended?
