Securing APIs
Use the @secureApi decorator to protect and manage access to an API integration. You can use this decorator to protect each endpoint separately, or all endpoints within the integration.
When you use the @secureApi decorator, the decorated function accepts a parameter of type ApiCallContext, which provides the full context of the API call. This includes details such as the endpoint ID, server URL, HTTP method, request parameters, and more.
Squid supports two flavors of API integrations, both of which can be secured using the same @secureApi decorator. These two flavors are OpenAPI (provided using an OpenAPI document) and regular REST API.
Securing a specific endpoint
import { secureApi, SquidService, ApiCallContext } from '@squidcloud/backend';

export class ExampleService extends SquidService {
  @secureApi('usersApi', 'updateUserSalary')
  secureUpdateUserSalaryEndpoint(context: ApiCallContext): boolean {
    // TODO - Implement your security logic here
    return false; // placeholder so the sample compiles; denies the call until real logic is added
  }
}
Securing all the endpoints in the integration
import { secureApi, SquidService, ApiCallContext } from '@squidcloud/backend';

export class ExampleService extends SquidService {
  @secureApi('usersApi')
  secureUsersApi(context: ApiCallContext): boolean {
    // TODO - Implement your security logic here
    return false; // placeholder so the sample compiles; denies the call until real logic is added
  }
}
The code samples above demonstrate how to secure an API integration using the @secureApi decorator. This decorator takes two parameters:
- The ID of the API integration, which can be found in the Squid Console.
- (Optional) The name of the endpoint to secure.
If you don't provide the name of the endpoint, the @secureApi decorator will secure all endpoints in the integration.
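One way to fill in the security logic left as a TODO in the samples above, as an added example that is not Squid's own code: a deny-by-default check over the call details the page lists (endpoint ID, server URL, HTTP method, request parameters). The CallInfo shape, its property names, the getUser endpoint, the origin and the parameter rules are assumptions made for illustration; the real ApiCallContext property names are not given on this page.

```typescript
// Added example: local stand-in for the call details the page says ApiCallContext
// carries. These property names are assumptions, not Squid's actual field names.
interface CallInfo {
  endpointId: string;
  serverUrl: string;
  method: string;
  params: Record<string, unknown>;
}

interface EndpointRule {
  methods: string[];
  paramsOk: (p: Record<string, unknown>) => boolean;
}

// Constructed policy for the 'usersApi' integration: expected origin plus per-endpoint rules.
const EXPECTED_ORIGIN = 'https://users.example.com';
const RULES: Record<string, EndpointRule> = {
  getUser: { methods: ['GET'], paramsOk: (p) => typeof p['userId'] === 'string' },
  updateUserSalary: {
    methods: ['POST', 'PUT'],
    paramsOk: (p) => {
      const salary = p['salary'];
      return typeof p['userId'] === 'string' &&
        typeof salary === 'number' && isFinite(salary) && salary >= 0;
    },
  },
};

// Deny by default: true only when endpoint, method, origin and parameters all match.
function isCallAllowed(call: CallInfo): boolean {
  // Own-property lookup so ids such as 'constructor' cannot hit Object.prototype.
  if (!Object.prototype.hasOwnProperty.call(RULES, call.endpointId)) return false;
  const rule = RULES[call.endpointId];
  if (rule.methods.indexOf(call.method.toUpperCase()) === -1) return false;
  let origin: string;
  try {
    origin = new URL(call.serverUrl).origin; // compare the parsed origin, not a string prefix
  } catch {
    return false; // malformed URL
  }
  if (origin !== EXPECTED_ORIGIN) return false;
  return rule.paramsOk(call.params);
}

// Inside a @secureApi('usersApi') method, copy the matching ApiCallContext values
// into a CallInfo and return isCallAllowed(...).
```

Because the integration-wide form of the decorator covers every endpoint, an allowlist like this keeps endpoints added to the integration later closed until a rule is written for them.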