Xano Documentation

Security

Last updated 1 month ago


Security functions are a mix of helper functions and cryptography/encryption functions that bring added security to your function stack and application.

  • UUID - Generate a globally unique identifier.

  • Create Authentication Token - Create a token used for authentication.

  • Validate (Check) Password - Check a plaintext password against a stored hash.

  • Generate Password - Generate a random password that satisfies a character policy.

  • Random Number - Generate a random number.

  • Create Secret Key - Create a secret key.

  • Create RSA Secret - Create an RSA secret.

  • Create Elliptic Curve Key - Create an elliptic curve key.

  • JWE Encode - Encode a payload as a JWE token (encrypted).

  • JWE Decode - Decode a JWE token.

  • JWS Encode - Encode a payload as a JWS token (signed, not encrypted).

  • JWS Decode - Decode and verify a JWS token.

  • Encrypt - Encrypt a payload as raw binary data.

  • Decrypt - Decrypt a payload to its original form.

UUID

Generate a globally unique identifier using the industry-standard UUID version 4 format (Universally Unique Identifier), for example 9bcc06a9-9782-4859-a69f-778a7f28d666. A v4 UUID is random, so it is safe to use as an unguessable record or file identifier, but it is not a substitute for authentication: knowing a UUID should never by itself grant access to the record it names.

Create Authentication Token

Create a token used for authentication. Authentication is an important concept in app building; see User Authentication & User Data for more on how Xano uses these tokens.

  • dbtable: Refers to a database table that has authentication enabled. Select the table you wish to authenticate against.

  • id: The ID to be stored in the token. Typically, this is a user ID, which you will get from a user record.

  • extras: Extras allow you to store additional data in the authentication token, for example a user's role. Use the SET filter to define a path and the value of the extra. Keep extras small and non-sensitive, and remember that whatever you put there is trusted by your function stack on every request until the token expires; a role stored in extras stays in force until the token is reissued, even if the user's role changes in the database.

  • expiration: The amount of time, in seconds, the authentication token will last. You can set this to a very large number if you don't plan on having the token expire, but a stolen token remains usable until it expires, so prefer a short lifetime and reissue tokens rather than making them effectively permanent.

  • Return variable: Contains the created authentication token.

Validate (Check) Password

Returns true if a plaintext password matches a stored password hash, and false otherwise. Store only the hash, never the plaintext, and always compare through this function rather than with a text comparison.

Generate Password

Generates a random password that satisfies the character policy you specify.

  • character_count - Number of characters in the generated password.

  • require_lowercase - True/false: whether at least one lowercase character is required.

  • require_uppercase - True/false: whether at least one uppercase character is required.

  • require_digit - True/false: whether at least one numerical digit is required.

  • require_symbol - True/false: whether at least one special symbol is required.

  • symbol_whitelist - Optionally restrict the symbols that may be used to the ones you list.

  • Return variable - Returns the generated password in a variable.

Random Number

Generate a random number. Because this function lives in the Security group, reach for it whenever the value must be unpredictable (one-time codes, temporary identifiers) rather than merely varied.

Create Secret Key

Create a secret key for use with the JWS, JWE, Encrypt and Decrypt functions. Store the result in an environment variable rather than pasting it into a function stack, so it is not exposed in request history or snippets and can be reused across your workspace (see the examples below).

Create RSA Secret

Create an RSA secret (an asymmetric key pair). Treat the private half like any other secret and store it in an environment variable.

Create Elliptic Curve Key

Create an elliptic curve key (an asymmetric key pair). Treat the private half like any other secret and store it in an environment variable.

JWE Encode

Encode a payload as a JWE token.

JWE Decode

Decode a JWE token.

JWS Encode

Encode a payload as a JWS token.

JWS Decode

Decode a JWS token.

Encrypt

Encrypt a payload as raw binary data.

  • Data - Add the data or payload that you want to encrypt.

  • Algorithm - Choose one of six algorithm options, each operating in either CBC or GCM mode. Prefer GCM where you can: it authenticates the ciphertext, so a tampered payload fails to decrypt instead of decrypting to garbage. CBC gives confidentiality only.

  • Key - A key can be generated with one of the key-generating functions above, or you can insert raw text as your key. The same key is needed to decrypt the data, so keep it in an environment variable and never in the request or response.

  • IV - The initialization vector, whose length depends on the algorithm: CBC requires 16 bytes and GCM requires 12. The IV does not need to be secret, but it must never be reused with the same key, especially with GCM, where a repeated key/IV pair breaks both confidentiality and the authentication tag. Generate a fresh IV for every encryption and send it alongside the ciphertext; whoever decrypts the data needs it, together with the key and the algorithm name.

Tip: For certain use cases when passing the encrypted value through a URL, it is recommended to use the base64_encode_urlsafe filter, since raw ciphertext bytes and standard base64 both contain characters that URLs mangle.

Decrypt

Decrypt a payload to its original form. The algorithm, key and IV must match the ones used to encrypt; with GCM, decryption fails outright if the ciphertext was altered, whereas with CBC an altered ciphertext may decrypt "successfully" to corrupted data.

Examples

JWS Encode/Decode Example

Using your own key

We can use our own signing key when encoding and decoding a JWS.

First, use the Create Secret Key function to generate a secret key.

It's a good idea to store the key in a safe, reusable place such as an environment variable. Click the copy result button on the result of the secret key.

Navigate to the settings page and add your secret key as an environment variable.

Next, use the JWS Encode function to sign a payload. In this example, we will sign a simple text string. Note that a JWS is signed, not encrypted: anyone holding the token can read the payload, but nobody without the key can alter it undetected.

Be sure to use the secret key stored in the environment variable as the key.

Optionally add a ttl (time to live) if you want the token to expire. For anything that grants access, a ttl is strongly recommended.

The result is a signed JWS token.

To decode the JWS token, we must use the same key that was used to sign it; JWS Decode verifies the signature and rejects a token signed with any other key.

The result is our original payload.

Using an external key

Sometimes you may be using a service that requires you to decode a JWS or decrypt a JWE token. As in the example above, store the service's key in an environment variable for safekeeping and so that you can reference it wherever you need it in your workspace.

When decoding a JWS from an external source, be sure to use the environment variable as the verification key.

Ensure the algorithm matches what the external source defines. Fix the expected algorithm yourself rather than trusting whatever the token header claims; a decoder that accepts any algorithm the token names can be tricked into accepting an unsigned or differently signed token.

Time drift adds leeway for clocks that are not perfectly aligned between you and the issuer. Set a small drift (seconds, not hours) when the JWS carries an expiration, so that a token is neither rejected the moment it is issued nor accepted long after it should have expired.

JWE vs JWS

The main difference between JWS and JWE is that a JWS is readable but tamper-evident, while a JWE is encrypted and tamper-evident. The payload of a JWS is only base64url-encoded, so anyone who has the token can read it without any key; the key is needed only to verify the signature and detect tampering. A JWE encrypts the payload, so only a holder of the key can read it, and it likewise cannot be altered undetected. Put anything confidential in a JWE, and use a JWS only for data you are happy for the bearer to see.

Example using JWT.IO

We can use jwt.io to see an example of the difference between JWE and JWS.

First let's encode a JWE token.

When we place the resulting JWE token into jwt.io, the payload cannot be read: all we see is encrypted content.

Next, let's generate a JWS token in Xano.

When we place the resulting JWS token into jwt.io, the payload is displayed immediately, before we supply any key. Selecting the correct algorithm and pasting the secret only lets jwt.io confirm that the signature is valid; it was never needed to read the contents.

