I was asked to make a support thread about this. :)

Hey everyone!

I've been delving into the server-side Next.js SDK and I was wondering if there's a JavaScript senseis around here to clarify something.

Currently, I've got a small demo server file set up to retrieve account/session data and whatnot: https://paste.mozilla.org/6sZzqPwv

Additionally, I've created a simple account page that requires some client interaction: https://paste.mozilla.org/vPh4O7s3

As you can see, the account page functions as a client-side component, reaching out to a server function to fetch user data. In other words, the server component for fetching user data is inside a client component.

My question is: Is this approach considered safe? I understand this might be more of a Nextjs-related question, but I'm still getting the hang of all this, any guidance would be greatly appreciated.

TL;DR

Developers are advised to use the web SDK in the client-side and the Node SDK in the server-side to avoid exposing credentials. Remember that `NEXT_PUBLIC_` environment variables are visible in the browser, while others are not. Regarding the server-side Next.js SDK and client-side interaction safety concern, the approach of having a server component for fetching user data inside a client component is generally safe as long as credentials are handled securely and not exposed to potential threats.

I think it's a common path, you just have to use the web sdk in the client side and the node sdk in the server, make sure to not expose any credential, remember that NEXT_PUBLIC_ environment variables are visible by the browser and any other without that isn't

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support