Hello, I'm a newbie programmer.
I wanted to use the Dashboard recipe but I have security concerns. For instance, when SuperTokens is first up, anybody could register an account. To solve this, I could use the `API_KEYS` env variable when creating SuperTokens core, do you think this would be enough?
Or, if not, can I just simply execute SQL queries within the MySQL container to get user info?
Also, this might be a stupid question but the sign up thing wouldn't expose my API key, right? (in the picture) (sorry, I could try it real quick, my PC is very slow for Docker :S)
rp_st
05/03/2023, 2:57 PM
You could add an API key to the core and then only you can create accounts.
The API key would not be exposed.. it's never sent to the frontend.
burnittotheground
05/03/2023, 3:00 PM
Yeah, but my backend will be available to all users, so people can access http://backend/auth/dashboard
But still, do you think assigning an API key would be secure enough?
Or should I just play it safe and not use the Dashboard recipe at all and just run SQL queries within the Docker container that SuperTokens is using?
rp_st
05/03/2023, 3:01 PM
> so people can access
Yea.. but people can't login or create users.
> but still, do you think assigning an api key would be secure enough?
Yea.. tons of services do this. So it should be fine.
burnittotheground
05/03/2023, 3:03 PM
Okay, I thank you a lot, I love you for all your help, have a blasting day.