Forge Developer

Last updated Apr 7, 2021

App context security

When using Forge, your app may have access to contextual information that originates from various sources. Since data originating from or passing through the browser can be altered or tampered with, it's important to understand which parts of this contextual information are guaranteed to be secure, unalterable, and thus valid to be used for authorization purposes.

When you use contextual information that is not guaranteed to be secure and unalterable, it is your responsibility to ensure that usage of this contextual information does not allow a customer to have any sort of unauthorized access. You may use the secure parts of the contextual information to determine and authorize access. For example, you can use the accountId in the custom UI resolver context payload to check a user's access to some content.

Custom UI

Contextual information is made available in custom UI via the resolver API.

Only license and accountId from the context parameter in each resolver function are guaranteed to be secure, unalterable, and valid to be used for authorization.
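The difference between authorizing on browser-supplied data and on context.accountId, shown as an added example (not Atlassian's code). The two plain functions take the same { payload, context } argument shape as a resolver function; the note store, the note and account ids, and the function names are hypothetical.

```javascript
// Constructed sample data: a hypothetical per-user note store.
const NOTES = new Map([
  ['note-1', { owner: 'acct-alice', body: 'alice private note' }],
  ['note-2', { owner: 'acct-bob', body: 'bob private note' }],
]);

// Weak: the owner check uses payload.accountId, a value sent by the
// front end. Anything in the payload can be altered in the browser.
function getNoteWeak({ payload }) {
  const note = NOTES.get(payload.noteId);
  if (!note || note.owner !== payload.accountId) {
    return { error: 'forbidden' };
  }
  return { body: note.body };
}

// Hardened: the owner check uses only context.accountId, one of the two
// context fields the page lists as valid for authorization. The payload
// is used solely to say which note is being requested.
function getNoteHardened({ payload, context }) {
  const accountId = context && context.accountId;
  if (typeof accountId !== 'string' || accountId === '') {
    return { error: 'forbidden' }; // no trusted identity: fail closed
  }
  const note = NOTES.get(String(payload && payload.noteId));
  if (!note || note.owner !== accountId) {
    return { error: 'forbidden' }; // same answer for "missing" and "not yours"
  }
  return { body: note.body };
}

// Constructed request: the signed-in account is acct-bob, but the payload
// has been edited to claim acct-alice.
const tampered = {
  payload: { noteId: 'note-1', accountId: 'acct-alice' },
  context: { accountId: 'acct-bob' },
};

console.log('weak    :', getNoteWeak(tampered));
console.log('hardened:', getNoteHardened(tampered));
```
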

UI kit

Contextual information is made available in UI kit via the useProductContext hook.

Only license and accountId are guaranteed to be secure, unalterable, and valid to be used for authorization.
