Week 6: Dynamic variables in Roles and Permissions

If you haven’t yet played with Custom Filters… that’s sad 🥺 They’re super powerful and important when it comes to securing your API EXACTLY as your project requires.

If you have played with Custom Filters… that’s awesome 🥳 You’ve probably seen a little string in those filters that reads __loggedInUserId.


That string is a Dynamic Variable: it gets swapped out with its mapped value when an API call is received. It’s a great way of ensuring that the authenticated user (a.k.a. the user tied to the JWT) has a relationship to the record that they are performing an operation on – per your application’s rules.

Yeah, you can use it however you want… but also know that it’s got some brothers and sisters that you can use too! The 3 Dynamic Variables that can be used when creating Roles are:

  • __requestingApiToken - The API Token being used to authenticate the request.
  • __loggedInUserEmail - The authenticated user’s email address.
  • __loggedInUserId - The authenticated user’s ID.
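
An added example (not the platform's own code) of the swap described above: it walks a role filter, replaces each dynamic variable with the value from the authenticated request, and rejects the request when a variable has no value. The filter shape, the auth-context field names and the resolveFilter helper are assumptions made for illustration.

```javascript
// Added illustration, not the platform's implementation. The filter shape
// ({ field: { equals: value } }) and the auth-context fields are assumptions.
const DYNAMIC_VARS = new Map([
  ["__loggedInUserId", (auth) => auth.userId],
  ["__loggedInUserEmail", (auth) => auth.email],
  ["__requestingApiToken", (auth) => auth.apiToken],
]);

// Return a copy of the filter with every dynamic variable replaced by its
// value from the authenticated request context. The input is not mutated.
function resolveFilter(filter, auth) {
  if (Array.isArray(filter)) return filter.map((f) => resolveFilter(f, auth));
  if (filter !== null && typeof filter === "object") {
    return Object.fromEntries(
      Object.entries(filter).map(([k, v]) => [k, resolveFilter(v, auth)])
    );
  }
  // Any "__"-prefixed string is treated as a variable reference.
  if (typeof filter === "string" && filter.startsWith("__")) {
    const lookup = DYNAMIC_VARS.get(filter);
    // Fail closed: a misspelled variable must never become a literal match value.
    if (!lookup) throw new Error(`unknown dynamic variable: ${filter}`);
    const value = lookup(auth);
    // Fail closed: e.g. a token-authenticated request has no logged-in user.
    if (value === undefined || value === null || value === "") {
      throw new Error(`no value for ${filter} in this request`);
    }
    return value;
  }
  return filter;
}

// Constructed sample: a role filter limiting reads to the caller's own records.
const ownRecordsFilter = {
  OR: [
    { owner: { id: { equals: "__loggedInUserId" } } },
    { inviteeEmail: { equals: "__loggedInUserEmail" } },
  ],
};

// Constructed auth context, as it would be derived from a verified JWT.
const jwtAuth = { userId: "user-123", email: "ana@example.com" };

console.log(JSON.stringify(resolveFilter(ownRecordsFilter, jwtAuth)));
```

The two throw paths are the security-relevant part: a filter that silently compared against the literal text "__loggedInUserId" or against an empty value would not enforce the relationship the role was written to require.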

If you have any questions about this, definitely ask them below!