I have created a custom action for adding a user to my app’s database after they register via Auth0. That is currently working, with my app’s endpoint being called and the user being created.
However, I need to protect this endpoint in my app so that I only accept requests from the above action.
I am using a Next.js app, and the API endpoint is part of the same app to which the user is registering. How can I authorize the post-registration action to have access to this protected endpoint?
For reference, this is the action and corresponding endpoint:
Custom action, triggered after user signs up
```js
const axios = require("axios");

// Runs after a user signs up; forwards the new user's email to the app's API.
exports.onExecutePostUserRegistration = async (event, api) => {
  await axios.post("<API URL>/api/users/new", { email: event.user.email });
};
```
Receiving Next.js API endpoint that needs to be protected
I need to protect this endpoint so that it only accepts requests from the above action.
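```ts
import type { NextApiRequest, NextApiResponse } from "next";

// `Data` (the response type) and `createUser` are not shown in this post.
async function handler(req: NextApiRequest, res: NextApiResponse<Data>) {
  const email = req.body.email;
  // Reject requests that carry no email address.
  if (!email) {
    res.status(400).send({ message: "Missing email parameter" });
    return;
  }
  // Create the user record in the app's database.
  const user = await createUser({
    email,
  });
  console.log("created user: ", user);
  res.status(200).send({ message: "user added", user });
}
```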
Any tips or suggestions are appreciated!
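
One way to restrict the endpoint to the Action, as an added example that is not part of the original post: the Action sends a shared secret in the `Authorization` header and the endpoint compares it in constant time before doing any work. It assumes the secret is stored as an Action secret and in the app's environment under the hypothetical name `API_SHARED_SECRET`; the function names below are also hypothetical.

```javascript
// Added example, not code from the original post.
// Assumption: the same random secret is configured as an Auth0 Action secret
// and as an environment variable of the Next.js app (hypothetical name
// API_SHARED_SECRET in both places).
const crypto = require("crypto");

// Action side: headers to pass as the third argument of axios.post, e.g.
//   axios.post(url, body, { headers: buildActionHeaders(event.secrets.API_SHARED_SECRET) })
function buildActionHeaders(secret) {
  return { authorization: `Bearer ${secret}` };
}

// Endpoint side: true only if the request presents the expected secret.
function isAuthorizedActionRequest(headers, expectedSecret) {
  // Fail closed when the server-side secret is missing or empty.
  if (typeof expectedSecret !== "string" || expectedSecret.length === 0) {
    return false;
  }
  const header = headers.authorization; // Node lowercases header names
  if (typeof header !== "string" || !header.startsWith("Bearer ")) {
    return false;
  }
  const presented = header.slice("Bearer ".length);
  // Hash both values so the buffers have equal length, then compare in
  // constant time so the check does not leak how many characters matched.
  const a = crypto.createHash("sha256").update(presented).digest();
  const b = crypto.createHash("sha256").update(expectedSecret).digest();
  return crypto.timingSafeEqual(a, b);
}

// Status code the handler should answer with, checked in this order:
// method, then authorization, then body. In the handler this would be called
// as checkRequest(req, process.env.API_SHARED_SECRET) before createUser runs.
function checkRequest(req, expectedSecret) {
  if (req.method !== "POST") return 405;
  if (!isAuthorizedActionRequest(req.headers, expectedSecret)) return 401;
  if (!req.body || !req.body.email) return 400;
  return 200;
}
```
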