Convex Community, 2mo ago
5 replies
It’s Ethan

Calling Convex queries and mutations from Next.js API routes validated by WorkOS API keys

I'm building a web application that is primarily an API-accessed application. Most of the front end is just configuring what will eventually be called via the API. Since WorkOS has API keys generated at the organization level, I don't believe there is a way to use ctx.auth.getUserIdentity() since there is no user tied to the request. That being said, how do I authenticate the organization in the Convex queries? If I just have the Next.js API routes pass up the org ID obtained from verifying the API key to the Convex queries, doesn't that pose a security risk? Wouldn't that allow anyone to arbitrarily pass up the org ID, or is the query only callable by my server?

TL;DR

How do I authenticate Convex queries at an organization level if the authentication needs to happen on API routes with WorkOS API keys?