Currently the Cloud API endpoints are public and easy to guess. Malicious activity can be carried out by obtaining the ID of an active subscriber.
Expected feature
All API endpoints should be private and require some basic authentication before the function logic is executed.
A similar implementation of this can be found in the Netlify docs on Function Authentication, however, the implementation provided by Auth0 is not feasible as we are not using Netlify as an authentication provider.
Currently the Cloud API endpoints are public and easy to guess. Malicious activity can be carried out by obtaining the ID of an active subscriber.
Expected feature
All API endpoints should be private and require some basic authentication before the function logic is executed.
A similar implementation of this can be found in the Netlify docs on Function Authentication, however, the implementation provided by Auth0 is not feasible as we are not using Netlify as an authentication provider.
Cc: @ivelin