How to secure Data API

All my GET requests are public. How can I secure them?

I am building a native app. After enabling Data API can access them without protection. I want my APIs accessible only if I am providing some authentication header (Ideally user access token).

Go to Data.
Select Privacy Tab.
Go through each table, define a new rule. Uncheck all flags for Everyone else (default permissions). And Check Find this in searches etc for “User”.

API without header “Authorization: Bearer TOKEN” will get empty response.

1 Like