Assistance Required with Secure Backend Access to User Collection

Question:
How can I securely retrieve a unique identifier from a collection with restricted access in Wix Velo, without exposing sensitive data to the frontend?

Product:
Wix Studio, Wix Velo (Backend operations and database permissions)

What are you trying to achieve:
I’m working on a web application that involves two collections. One collection stores sensitive user information and is set to be accessible by “Admin” only. The other collection stores related user transactions. My goal is to save user data asynchronously to the first collection and then retrieve a unique identifier based on a specific field (like a phone number) from this collection. This identifier is then used as a reference in the second collection.

What have you already tried:
I’ve created web modules to read from the restricted-access collection and return the necessary identifier to the frontend. However, I found that web modules lack the permission to read from collections set to “Admin” read-only access. Adjusting the collection’s read permission to “anyone” is not viable due to the nature of the data.

Additional information:
I am looking for a secure approach that allows backend operations to access the restricted collection and obtain the unique identifier, all while upholding the data’s privacy and security. The solution must comply with strict database permissions, enabling the backend code to execute the required tasks without compromising user data integrity. I seek guidance or best practices for this scenario, as my current method using web modules does not fulfill the security criteria.

Thank you for your support.

When using find() you can pass an option that suppressesAuth for that specific query

Maybe this is what you are searching for …

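Added example (not part of the original thread, and not Wix's own code): a sketch of the `suppressAuth` approach suggested above, where the backend reads the Admin-only collection and hands back only the `_id`. The collection ids `Users` and `Transactions`, the `phone` and `userId` fields, the function names and the in-memory `makeFakeDb` stand-in are all assumptions made for illustration.

```javascript
// Added example, not from the thread. In a Velo backend web module, `db` would be
// the object from `import wixData from 'wix-data'`; it is a parameter here so the
// sketch also runs outside Wix. Collection ids and field names are assumptions.
const USERS = 'Users';               // read permission: Admin
const TRANSACTIONS = 'Transactions';

// Look up a user by phone and return ONLY the _id, never the full item.
async function getUserIdByPhone(db, phone) {
  if (typeof phone !== 'string' || !/^\+?[0-9]{6,15}$/.test(phone)) {
    throw new Error('invalid phone');
  }
  const res = await db.query(USERS).eq('phone', phone).limit(1)
    .find({ suppressAuth: true }); // skip the permission check for this query only
  return res.items.length ? res.items[0]._id : null;
}

// Resolve the id and write the reference on the backend in a single call.
async function addTransaction(db, phone, amount) {
  const userId = await getUserIdByPhone(db, phone);
  if (userId === null) throw new Error('unknown user');
  const saved = await db.insert(TRANSACTIONS, { userId, amount });
  return saved._id;
}

// Constructed in-memory stand-in for wix-data (not the real library): reads of
// USERS fail unless suppressAuth is set, mimicking the Admin-only permission.
function makeFakeDb(users) {
  const store = { [USERS]: users, [TRANSACTIONS]: [] };
  return {
    store,
    query(coll) {
      let items = store[coll];
      const q = {
        eq(field, value) { items = items.filter(i => i[field] === value); return q; },
        limit(n) { items = items.slice(0, n); return q; },
        async find(opts = {}) {
          if (coll === USERS && !opts.suppressAuth) throw new Error('permission denied');
          return { items };
        },
      };
      return q;
    },
    async insert(coll, item) {
      const saved = { _id: `tx-${store[coll].length + 1}`, ...item };
      store[coll].push(saved);
      return saved;
    },
  };
}
```

Because `suppressAuth` bypasses the collection permission, the web module is the only access check left on that data, which is why it validates the input and returns just the `_id`. Calling `addTransaction` from the frontend keeps the lookup and the reference write on the backend in one step.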