
Hi community, 

In my app I want to sell tickets that allow users to generate a new game. The game's content will be created by an edge function that calls a third-party API. I read the documentation, but I am not sure how to integrate this. I want to check whether the user is entitled to generate the game not only in the app but inside the edge function as well, to prevent bad actors from abusing the edge function, which would result in a bill on my end (the third-party API costs money).

 

What would be the best approach to achieve this?

Hi @joostwmd,

I'm not sure if I completely understand, but if the issue is making sure that only authorized users can update the database, it does seem like you need some kind of user authentication like what Supabase, Auth0, Firebase, etc. provide. If I misunderstood the question, please let me know.


So a quick update: I read that one needs to create one's own backend to keep track of any consumable products, so that is what I did. When the user buys a product, I will check if the originalAppUserId that gets returned from the promise can be found in my customers table. If not, I create a new row with the originalAppUserId and the default count value for my consumable, which is one. If I can find the originalAppUserId, I just increase the value by one. I can use my table to check if the user is permitted to generate the game in the edge function. My only problem now is row level security. I am using Supabase and I am looking for something that only allows a user who already bought a ticket to create a new row in my database. I don't want to prompt my user to log into the app. Does anybody have any thoughts about how I could get this done?


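The ticket flow described in the update above, as an added example that is not part of the original posts: the purchase path credits a ticket per originalAppUserId, and the edge-function path spends the ticket before calling the paid API and refunds it if that call fails. `TicketLedger`, `generateGame` and `callPaidApi` are hypothetical names, and an in-memory Map stands in for the customers table.

```typescript
// Assumption: one row per originalAppUserId holding a ticket count. The Map
// stands in for the customers table, which only server-side code should write.
type GameGenerator = (userId: string) => Promise<string>;

class TicketLedger {
  private counts = new Map<string, number>();

  // Purchase path from the post: create the row with count 1, or increment it.
  credit(originalAppUserId: string): number {
    const next = (this.counts.get(originalAppUserId) ?? 0) + 1;
    this.counts.set(originalAppUserId, next);
    return next;
  }

  balance(originalAppUserId: string): number {
    return this.counts.get(originalAppUserId) ?? 0;
  }

  // Check and decrement as one step so two parallel requests cannot both
  // spend the same ticket. Against a real table this has to be a single
  // conditional update, not a read followed by a separate write.
  tryConsume(originalAppUserId: string): boolean {
    const current = this.counts.get(originalAppUserId) ?? 0;
    if (current < 1) return false;
    this.counts.set(originalAppUserId, current - 1);
    return true;
  }
}

// Edge-function logic: spend the ticket first, call the paid API second,
// and give the ticket back if the paid call fails.
async function generateGame(
  ledger: TicketLedger,
  originalAppUserId: string,
  callPaidApi: GameGenerator, // hypothetical wrapper around the third-party API
): Promise<{ status: number; body: string }> {
  if (!ledger.tryConsume(originalAppUserId)) {
    return { status: 402, body: "no ticket available" };
  }
  try {
    return { status: 200, body: await callPaidApi(originalAppUserId) };
  } catch {
    ledger.credit(originalAppUserId); // refund: the user did not get a game
    return { status: 502, body: "generation failed, ticket refunded" };
  }
}
```

Because the paid call only happens after a successful `tryConsume`, a request without a ticket costs nothing on the third-party bill.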