# Appwrite web sdk api key
setKey is only on server side sdk i.e. node-appwrite.
is there an alternative? or something
Web SDK is for client use, what's your use case with client-side API use?
You really wouldn't want to expose an API on the client anyways :P
But I mean the projectId and the databaseIds are public right?
So anyone can make their own api calls for my website?
Or how should I do that?
Not if you have permissions set up appropriately
You would want people to authenticate and act on behalf of them.
Give me a minute, I'm gonna send an example
```ts
import { ID, Permission, Role } from "appwrite";

// `databases` and `appwriteConfig` come from the app's own Appwrite setup.
export async function savePost(userId: string, postId: string) {
  try {
    const updatedPost = await databases.createDocument(
      appwriteConfig.databaseID,
      appwriteConfig.savesCollectionID,
      ID.unique(),
      {
        user: userId,
        post: postId,
      },
      // Document-level permissions: only this user can access the saved post.
      [
        Permission.read(Role.user(userId)),
        Permission.write(Role.user(userId)),
        Permission.update(Role.user(userId)),
        Permission.delete(Role.user(userId)),
      ]
    );
    if (!updatedPost) throw new Error("Failed to save post");
    return updatedPost;
  } catch (error) {
    console.log(error);
  }
}
```
do you mean these permissions?
or this
Yea. So why would you want to use an API key, it seems to me you’re saving user posts which makes me think they’re logging in
yeah but is it safe like that?
Yes, only authenticated users can read and write
and I set the document security on because it only worked like that
I thought I needed something more like a key
No key needed. You can set document security so that only the user that created the post can edit or delete it
okay thanks, another question, if I have a collection which has user data, and there is one private data, is there a way to hide that? without functions
Like one private field?
You could create a private user data collection and only pull it when necessary
and is it a safe way for a social app? like if I want to store emails, some settings etc?
Sure just make the permissions on that collection/document such that only the user can read their own email
```ts
[
  Permission.read(Role.user(userId)),
  Permission.write(Role.user(userId)),
  Permission.update(Role.user(userId)),
  Permission.delete(Role.user(userId)),
]
```
kind of this right?
Yes
Thank you
@lone cairn sorry for the ping, is it safe if I only set up permissions for the getDocument? not with the create