Hi,
I want to pay for my customers web3 gaz, so I thought I could do the following:
- Have some cloud functions doing the web3 calls for the user, requiring the user to be logged and authorized to do the actions.
This is flagged as unsecure by the documentation (I guess because the private key will be in the cloud function, and that there is no special mechanism to encrypt the code ?)
So, I went to a second approach: I create a custom node server, with a REST API that would be triggered by cloud functions.
But then, how can I protect the REST calls coming from the moralis cloud to my private node server, and making sure the request comes from a logged in user ? Can I pass a user in a request and check he is logged in from my node server ?