Articles tagged "api-security".

5 articles on this topic.

7 min read · supabase, supabase-vault, postgres

How to encrypt API keys and client secrets in Supabase

Use Supabase Vault to encrypt API keys and client secrets, keep metadata in Postgres, and gate decrypts behind one checked SECURITY DEFINER function.

6 min read · security, supabase, auth-jwt

User enumeration via password reset: the bug in default forgot-password flows

Most forgot-password endpoints leak whether an email exists. Fix: return the same response always, regardless of account status.

7 min read · security, supabase, edge-functions

Origin validation in edge functions: the open redirect you ship by default

Edge functions that trust the Origin or Referer header for redirect URLs are open-redirect vulnerable. One allowlist helper closes the gap.

7 min read · supabase, supabase-auth, postgres

Two-layer identity models in Supabase: when auth and authorization disagree

auth.users gives you identity for free. Roles need a second table, a trigger, and an atomic migration. Here's where the gap breaks production.

5 min read · apis, no-code, api-security

Bubble.io Tips - 3

Learn essential Bubble.io privacy and security tips, optimize API calls, and implement best practices to protect your data and improve performance.
