Ayterx•19h ago

Private mutations and queries

Here's a revised version of your text with improved grammar and clarity: --- I've been trying to make mutations and queries internal so they can only be used in my Next.js API routes. The AI documentation says I can do this:

// app/api/payment/callback/route.ts

import { fetchMutation } from "convex/nextjs";

await fetchMutation(internal.plans.updateUserPlan, { /* args */ });

// app/api/payment/callback/route.ts

import { fetchMutation } from "convex/nextjs";

await fetchMutation(internal.plans.updateUserPlan, { /* args */ });

But this doesn't work either. The only workaround I found is to send a secret key along with the mutations or queries and verify if it's correct (using process.env.API_KEY). Also, my understanding is that everything exposed through api.myFunction is public and can be used by anyone who has the deployment URL. I can't make private calls from server-to-server.

2 Replies

Convex Bot•19h ago

Thanks for posting in <#1088161997662724167>. Reminder: If you have a Convex Pro account, use the Convex Dashboard to file support tickets. - Provide context: What are you trying to achieve, what is the end-user interaction, what are you seeing? (full error message, command output, etc.) - Use search.convex.dev to search Docs, Stack, and Discord all at once. - Additionally, you can post your questions in the Convex Community's <#1228095053885476985> channel to receive a response from AI. - Avoid tagging staff unless specifically instructed. Thank you!

AyterxOP•19h ago

Also, I don't think creating an HTTP action or node action is suitable for my use case.

Private mutations and queries

Did you find this page helpful?