If you haven’t yet played with Custom Filters… that’s sad. They’re super powerful and important when it comes to securing your API EXACTLY as your project requires.
If you have played with Custom Filters… that’s awesome 🥳 You’ve probably seen a little string in those filters that reads __loggedInUserId.
This is a Dynamic Variable that gets swapped out with its mapped value when an API call is received. It’s a great way of ensuring that the authenticated user (a.k.a. the user tied to the JWT) has a relationship to the record that they are performing an operation on – per your application’s rules.
Yeah, you can use it however you want…but also know that it’s got some brothers and sisters that you can use too! The 3 Dynamic Variables that can be used when creating Roles are:
- __requestingApiToken - The API Token being used to authenticate the request.
- __loggedInUserEmail - The authenticated user’s email address.
- __loggedInUserId - The authenticated user’s ID.
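To make the swap concrete, here is an added sketch (not the platform’s own code) of how the three variables could be resolved from a verified request context and applied to records. The filter shape, the `ctx` object, and the names `resolveFilter`, `matches` and `visiblePosts` are assumptions made for this illustration.

```javascript
// Added illustration; not the platform's implementation.
// Assumed filter shape: nested fields ending in { equals: value }.
const DYNAMIC_VARS = new Map([
  ["__loggedInUserId", (ctx) => ctx.user?.id],
  ["__loggedInUserEmail", (ctx) => ctx.user?.email],
  ["__requestingApiToken", (ctx) => ctx.apiToken],
]);

// Replace each placeholder with a value from the request context, which is
// assumed to be built only after the JWT or API token has been verified.
function resolveFilter(node, ctx) {
  if (typeof node === "string" && DYNAMIC_VARS.has(node)) {
    const value = DYNAMIC_VARS.get(node)(ctx);
    // Fail closed: an unresolved variable must never become "match anything".
    if (value === undefined || value === null) {
      throw new Error(`cannot resolve ${node}: request is not authenticated`);
    }
    return value;
  }
  if (Array.isArray(node)) return node.map((n) => resolveFilter(n, ctx));
  if (node && typeof node === "object") {
    return Object.fromEntries(
      Object.entries(node).map(([k, v]) => [k, resolveFilter(v, ctx)])
    );
  }
  return node;
}

// Minimal matcher for the assumed filter shape.
function matches(record, filter) {
  return Object.entries(filter).every(([key, cond]) =>
    key === "equals"
      ? record === cond
      : record != null && matches(record[key], cond)
  );
}

// Constructed sample data: a role filter that limits posts to their author.
const roleFilter = { author: { id: { equals: "__loggedInUserId" } } };
const posts = [
  { title: "a", author: { id: "u1" } },
  { title: "b", author: { id: "u2" } },
];

function visiblePosts(ctx) {
  const resolved = resolveFilter(roleFilter, ctx);
  return posts.filter((p) => matches(p, resolved));
}
```

The placeholder is resolved on the server from the authenticated identity, so a client cannot widen the filter by sending a different ID in the request body.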
If you have any questions about this, definitely ask them below!