I’m new to Memberstack.
Let’s say I do a REST API with golang on Heroku. This REST API will be public.
Is there a way to protect this REST API with Memberstack so only authenticated members and/or paid members can request an API endpoint? It’s a common use case.
I know we can easily protect page but if it’s valuable data. A person can look the REST API endpoint in the page, then cancel his subscription and then call the API endpoint on its own (and thus get the data). This is just one use case of protecting REST API but there are a lot others.
Anyway to protect api endpoint with memberstack?
Welcome, and thank you for posting in the forum!
Great question! I am tagging our dev lead @belltyler on this. He is excited to pick your brain!
Also interested in the answer
This is very important and it has been over a month since the question was asked. Can we get some attention here?
YES please ! It’s not like it’s a minor case. REST API are used in almost every webapp today.
Hey folks! Yes, this is something that we’re keeping in mind — we’ve been making some bigger fundamental improvements to the product and that is still a work in progress so we’re not quite ready to share that yet. We’ll be posting some more updates over the coming weeks/months on this note, but rest assured we’re working hard to continue growing the product with all the positive feedback we’re receiving.
@atlist @james394 @Jan_Przysucha
Hi guys, we currently have a beta developer feature that allows you to protect an API endpoint. It’s not a package or library, but merely a way to gain access to a JWT token that contains member info that you can pass to your API.
Server side you can verify the signature of the JWT token to ensure that Memberstack was the party that set it.
Contained in the JWT includes basic member info along with the membership ID.
Please DM me, or send me an email at firstname.lastname@example.org for instructions on how to use. It’s a beta feature, so don’t want to post publicly just yet.