Cloud functions are accessible without using _ApplicationId

While going over security, I found out all REST endpoints for cloud functions can be accessed without using _ApplicationId:

Check here, it returns a (hello world) result without needing _ApplicationId:

So what’s the use of _ApplicationId?

I don’t know exactly what for that parameter is, but as it is a public parameter it can not be considered as a security problem if it works without it

I’m using REST to get data from another moralis server inside cloud functions, so my app_id is never visible client-side. But yes, not the most secure if that key is compromised.

Just wanted to let you know, as using the app_id is mentioned very specifically in the docs, so you would expect it to do something :slight_smile:

you can add a separate security layer if you want with a specific key that you send as parameter and you can check it in that cloud function