Ayterx Posts - Convex Community

Ayterx

•Created by Ayterx on 5/17/2025 in #support-community

Private mutations and queries

Here's a revised version of your text with improved grammar and clarity: --- I've been trying to make mutations and queries internal so they can only be used in my Next.js API routes. The AI documentation says I can do this:

// app/api/payment/callback/route.ts

import { fetchMutation } from "convex/nextjs";

await fetchMutation(internal.plans.updateUserPlan, { /* args */ });

// app/api/payment/callback/route.ts

import { fetchMutation } from "convex/nextjs";

await fetchMutation(internal.plans.updateUserPlan, { /* args */ });

But this doesn't work either. The only workaround I found is to send a secret key along with the mutations or queries and verify if it's correct (using process.env.API_KEY). Also, my understanding is that everything exposed through api.myFunction is public and can be used by anyone who has the deployment URL. I can't make private calls from server-to-server.

3 replies