I want to build an app with the following architecture:
The frontend would be deployed on shinyapps.io and would make calls to an API written with plumber to interact with data.
The app would be private so a user would have to authenticate with the shinyapps.io auth module. The API would be hosted on a cloud platform.
I would like to know if it is safe to authenticate calls to the API by adding a secret key to the header on all HTTP requests.
The secret key would be defined in a .Renviron file deployed on shinyapps.io and also on the API server.
This plumber filter should ensure that the secret key from the front and from the API match before sending the appropriate response.
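
One way such a filter could look, as an added example that is not the poster's code: it rejects every request when the secret is unset on the server and compares the header to the stored key without stopping at the first differing byte. The variable name `API_SECRET`, the header name `X-API-Key` and the `/data` endpoint are assumptions, and the header is only confidential in transit if the API is served over HTTPS.

```r
# plumber.R -- added example, not from the original post
library(plumber)

# Assumption: the shared secret is stored as API_SECRET in .Renviron on the
# API server (and under the same name on shinyapps.io). Read once at start-up.
expected_key <- Sys.getenv("API_SECRET", unset = "")

# Compare two strings byte by byte without returning early on the first
# mismatch. Only the length check can short-circuit.
keys_match <- function(supplied, expected) {
  a <- as.integer(charToRaw(supplied))
  b <- as.integer(charToRaw(expected))
  if (length(a) != length(b)) return(FALSE)
  sum(bitwXor(a, b)) == 0L
}

#* Reject any request that does not carry the shared secret.
#* @filter check_key
function(req, res) {
  # plumber exposes request headers as HTTP_<NAME>, upper-cased, with
  # dashes turned into underscores; a missing header is NULL.
  supplied <- req$HTTP_X_API_KEY
  if (is.null(supplied)) supplied <- ""

  # Fail closed: an unset or empty secret on the server must never match.
  if (!nzchar(expected_key) || !keys_match(supplied, expected_key)) {
    res$status <- 401
    return(list(error = "Unauthorized"))
  }
  plumber::forward()
}

#* Hypothetical endpoint, reached only when the filter forwards the request.
#* @get /data
function() {
  list(rows = nrow(mtcars))
}

# Shiny side (assumption: httr is used and the API URL is a placeholder):
# httr::GET("https://api.example.invalid/data",
#           httr::add_headers(`X-API-Key` = Sys.getenv("API_SECRET")))
```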