Is it secure to include the 'admin' api in the 'standard' trpc api?
I'm building a standard B2B app, which obviously has a trpc api.
I'm looking to add an admin area, which allows me to manage the B2B customers.
This will include tasks, like listing the customers' (confidential) data.
Obviously the api route itself is going to be protected by authentication, but I still obviously wouldn't want normal users,
to see which apis are exposed at which endpoint.
Are the 'admin routes' automatically tree-shook, or would they be visible to the customers?
And if they are, what would be the alternative?
I'm looking to add an admin area, which allows me to manage the B2B customers.
This will include tasks, like listing the customers' (confidential) data.
Obviously the api route itself is going to be protected by authentication, but I still obviously wouldn't want normal users,
to see which apis are exposed at which endpoint.
Are the 'admin routes' automatically tree-shook, or would they be visible to the customers?
And if they are, what would be the alternative?
Similar Threads
Was this page helpful?
