Running internal functions from a tooling script
Hi, I would like to create a development tooling script that can invoke specific queries/mutations on our production deployment. Ideally we make these internal functions so they can't be called from web clients. I know that it's possible to call internal functions through
npx convex run or from the Convex dashboard, and I'm interested to know if there is a SDK that we can use to do this from a script.
I tried creating a SDK wrapper myself which uses npx convex run under the hood, which does work on small queries, but I'm running into issues with JSON serialisation and shell buffer size limits.
What kind of implementation do you suggest to achieve querying a production deployment from a development script reliably? Also open for other suggestions, e.g. creating public functions with argument-based token authentication, but I am curious to learn what the suggested best practice is.7 Replies
Thanks for posting in <#1088161997662724167>.
Reminder: If you have a Convex Pro account, use the Convex Dashboard to file support tickets.
- Provide context: What are you trying to achieve, what is the end-user interaction, what are you seeing? (full error message, command output, etc.)
- Use search.convex.dev to search Docs, Stack, and Discord all at once.
- Additionally, you can post your questions in the Convex Community's <#1228095053885476985> channel to receive a response from AI.
- Avoid tagging staff unless specifically instructed.
Thank you!
Hey Jules, you can definitely do this. Under the hood, the Convex CLI uses the Convex HTTP Client (https://docs.convex.dev/api/classes/browser.ConvexHttpClient)
You can extend access to internal functions by calling
client.setAdminAuth(DEPLOY_KEY) -- this is currently an undocumented internal method, so if you're using TypeScript, you'll need to disable typechecking on the line of code doing this. Once this is done, your request will be authenticated as an admin, and be allowed to run internal functions. The DEPLOY_KEY is a deploy key creatable on the Deployment Settings page of the dashboard, or via the API https://docs.convex.dev/management-api/create-deploy-key
setAdminAuth also works on the convex client you pass to the convex react SDK, if you're doing this in a react app, but do be aware that the deploy key is very powerful, so be careful exposing it in a client-side context.
And lastly, it also works via the http api (https://docs.convex.dev/http-api/) by settings the Authorization: Bearer <DEPLOY_KEY> headerThat's great, thanks for sharing. Can the access token stored in
~/.convex/config.json also be used as the deploy key?No, you'd need to use a deploy key or a team access token (created on the team settings)
Okay 👍
Can you do this in a server-side JS environment like nodeJS?
Also, does this implicitly answer the question I have in this thread below?
https://discord.com/channels/1019350475847499849/1404598692115382472/1404598692115382472
It should work in node 18+
Yup 🙂