1. The Token Economy
Your API token is the key to the kingdom. In RepoDB, tokens are stateless JWTs that carry permission data. This means validation is instant—no database lookups required for auth checks.
- Environment Variables: Never commit
.envfiles. Use secrets management in Vercel/Netlify/GitHub Actions. - Rotation Policy: Build a mechanism to rotate keys every 90 days. Our dashboard makes this easy: generate a new one, update your environmental variables, and then revoke the old one.
- Scope (Coming Soon): We are working on Read-Only tokens. This will allow you to safely expose a token to a frontend analytics dashboard without risking your data integrity.
2. Validating Input Before it Hits the DB
While parameterized queries prevent Injection, they don't prevent bad data. Validate incoming data in your application layer using libraries like Zod or Joi.
// Example using Zod
import { z } from 'zod';
const UserSchema = z.object({
email: z.string().email(),
age: z.number().min(18)
});
// Validate BEFORE calling db.execute
const result = UserSchema.safeParse(req.body);
if (!result.success) {
return res.status(400).json(result.error);
}
// Now it's safe to query3. Why SaaS is More Secure
When you host RepoDB yourself, you are responsible for DDoS protection, SSL certificate renewal, and firewall rules. On RepoDB Cloud, we sit behind enterprise-grade firewalls.
- DDoS Mitigation: We absorb traffic spikes so your database doesn't crash.
- SSL/TLS: All connections are forced over HTTPS with modern cipher suites.
- Physical Security: Our servers are hosted in SOC-2 compliant data centers.