We are tech-agnostic here - my view is that the best tool for the job depends on the job. With that being said, what tool do you find yourself using the most? This could include Zapier, N8N, and more! Which of the following tools do you use most frequently in your work?

DISCLAIMER: I'm not a security expert at all, so takes everything I say here with a gram of salt and do your own research! Apart from securing your endpoints with security measures (like Xano Auth Tokens), I found some other concerns you may have when building webapps. The easy and basic (no-brainer recommendations): 1. Xano automatically builds CRUD operations (without authentication) for each table you create. Unless you need them, turn that option off (on the new table menu). If you don't, anyone with your Xano URL (which may be obtained from your frontend) can call them (guessing the table name, such as "user" or "payment" or "property" or whatever you called them) and do funny stuff like read all your records, use the ids to delete them, or edit them, or create new ones without any of your logics. 2. Unless you need them to be public, hide all your API docs; same as the past example. If someone has your XANO URL, and you don't turn off your API docs, they have a guide on how to call your APIs on your behalf. This is especially concerning if you don't set authentication for each API that does sensitive stuff, which takes us to the next tip. 3. Secure all your endpoints that return info or do sensitive operations on your backend, but more than that, only return info to an auth token about the id saved inside the auth token. For example, if you have an API that returns the property of a user, don't query by a given user_id on the JSON body, but by the user_id stored on the authtoken! Xano uses JWT encoded tokens, which means that the auth tokens can contain info, and they contain the id of the user by default, so ALWAYS query by that. If you don't, anyone with an authtoken can trigger APIs on behalf of other users just by changing the user_id on the JSON body. 4. Encrypt any sensitive data on your db (such as card numbers, or user identification documents, etc.), or even better, don't save any sensitive data at all. Research if you can make that save payment method process without actually saving the user card details, the majority of vendors (such as Stripe) allow you to handle tokens that represent user payment data, but they handle the actual payment data (and more than probably, they are better at doing so). 5. Be careful with how you save the authtoken on the frontend and give each token a short life (I think the default 1 day is ok for most, but depending on your project, you may require longer or shorter).

Today I spent a lot of time reading the WeWeb docs and then I built this unstyled app that connects to an external api to dynamically render content on the page. Here is the link to the api if you want to play around with it yourself https://owen-wilson-wow-api.onrender.com/

Hola Grupo, alguno de habla español? Me sería mucho más cómodo y dinámico si alguno habla español... caso contrario, no hay problema, sigo en inglés. Saludos!!

I played with Claude over the weekend and got my webflow form data to send to my Xano backend without using wized. I recorded a video showing the demo and I wrote a blog post that shares the code I am using to intercept webflow form submission so that it lands in my xano backend. I usually use wized to connect my form data to xano but this time I just pasted javascript into the body tag on the page with the form. Here is the blog post with the code