Calling Convex queries and mutations from Next.js API routes validated by WorkOS API keys
I'm building a web application that is primarily an API-accessed application. Most of the front end is just configuring what will eventually be called via the API. Since WorkOS has API keys generated at the organization level, I don't believe there is a way to use ctx.auth.getUserIdentity() since there is no user tied to the request. That being said, how do I authenticate the organization in the Convex queries? If I just have the Next.js API routes pass up the org ID obtained from verifying the API key to the Convex queries, doesn't that pose a security risk? Wouldn't that allow anyone to arbitrarily pass up the org ID, or is the query only callable by my server?
TL;DR
How do I authenticate Convex queries at an organization level if the authentication needs to happen on API routes with WorkOS API keys?