Reputation: 1736
I want to build an app with the following architecture:
The frontend would be deployed on shinyapps.io and would make calls to an API written with plumber to interact with data.
The app would be private so a user would have to authenticate with the shinyapps.io auth module. The API would be hosted on a cloud platform.
I would like to know if it is safe to authenticate calls to the API by adding a secret key to the header on all HTTP requests.
The secret key would be defined in a .Renviron file deployed on Shinyapps.io and also on the API server.
This plumber filter should ensure that the secret key from the front and from the API match before sending the appropriate response.
Upvotes: 8
Views: 759
Reputation: 776
Define safe? It is going to work for sure. If it is exposed to the public web, assume nothing is safe.
The filter you mentioned is there specifically for this use case. But it is still not safe against DDoS attacks.
Good luck.
Upvotes: 1
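The header check described in the question, written as a plumber filter. This is an added example, not code from the question or the answer; the header name `X-API-Key`, the environment variable `API_SECRET_KEY` and the `/data` endpoint are assumptions.

```r
# plumber.R -- added example, not code from the original post.
# Assumed names: header "X-API-Key", env var API_SECRET_KEY (set in .Renviron).

# Compare two strings without stopping at the first differing byte,
# so response timing does not reveal how much of the key matched.
constant_time_equal <- function(a, b) {
  ra <- charToRaw(a)
  rb <- charToRaw(b)
  if (length(ra) != length(rb)) return(FALSE)
  # xor() on raw vectors is bitwise; every byte is visited before the sum.
  sum(as.integer(xor(ra, rb))) == 0L
}

#* Reject any request that does not carry the shared secret.
#* @filter check_api_key
function(req, res) {
  expected <- Sys.getenv("API_SECRET_KEY", unset = "")
  # Rook exposes the X-API-Key request header as HTTP_X_API_KEY.
  supplied <- req$HTTP_X_API_KEY

  # Fail closed: an unset server-side key must never match an empty header.
  if (!nzchar(expected)) {
    res$status <- 500
    return(list(error = "API key not configured"))
  }
  if (is.null(supplied) || !constant_time_equal(supplied, expected)) {
    res$status <- 401
    return(list(error = "Unauthorized"))
  }
  # Key matched: pass the request on to the next filter or the endpoint.
  plumber::forward()
}

#* Example endpoint, reached only after the filter forwards the request.
#* @get /data
function() {
  list(rows = nrow(mtcars))
}

# Shiny side (inside the server function), reading the key from its own .Renviron.
# The URL is a placeholder:
# httr::GET("https://api.example.com/data",
#           httr::add_headers(`X-API-Key` = Sys.getenv("API_SECRET_KEY")))
```

The key stays secret only if the API is served over HTTPS and the request is sent from the Shiny server function rather than from JavaScript running in the user's browser.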