Skip to main content

Securing APIs

Use the @secureApi decorator to protect and manage access to an API connector.

You can use this decorator to protect each endpoint separately, or all endpoints within the connector.

When you use the @secureApi decorator, the decorated function accepts a parameter of type ApiCallContext, which provides the full context of the API call. This includes details such as the endpoint ID, server URL, HTTP method, request parameters, and more.

Note

Squid supports two flavors of API connectors, both of which can be secured using the same @secureApi decorator. These two flavors are OpenAPI (provided using an OpenAPI document) and regular REST API.

Securing a specific endpoint

Backend code
import { secureApi, SquidService, ApiCallContext } from '@squidcloud/backend';

export class ExampleService extends SquidService {
  @secureApi('usersApi', 'updateUserSalary')
  secureUpdateUserSalaryEndpoint(context: ApiCallContext): boolean {
    // TODO - Implement your security logic here
  }
}

Securing all the endpoints in the connector

Backend code
import { secureApi, SquidService, ApiCallContext } from '@squidcloud/backend';

export class ExampleService extends SquidService {
  @secureApi('usersApi')
  secureUsersApi(context: ApiCallContext): boolean {
    // TODO - Implement your security logic here
  }
}

The code samples above demonstrate how to secure an API connector using the @secureApi decorator. This decorator takes two parameters:

  1. The ID of the API connector, which can be found in the Squid Console.
  2. (Optional) The name of the endpoint to secure.

If you don't provide the name of the endpoint, the @secureApi decorator will secure all endpoints in the connector.