Week 11: Bypass Permissions in a Serverside API Request

I’m sure that you woke up this morning thinking about how “API requests made inside 8base’s resolver functions inherit any supplied Bearer Token and that sometimes prevents me from making server side API calls that are outside the scope of the authorized user’s.” I know I did.

Well, you actually can bypass roles & permissions all together when calling your GraphQL API from within a custom function. Here’s how!

Bypass Roles & Permissions in Custom Resolver Functions (screenshot)
Always be careful when bypassing roles & permissions in a function that application users can invoke! That said, just because it’s dangerous doesn’t mean it’s not useful. :wink:

If you have any questions about this, definitely ask them in the 8base Community!

Happy Developing!