Hello FF Community!
I've integrated FlutterFlow with Supabase. My application is designed for Android and iOS platforms, not for the web. The app displays some public data from Supabase for all users (even if not authenticated). (So the RLS on Supabase is read-only for the public).
FlutterFlow works with Supabase by making API calls using the unique URL provided by Supabase, something like: https://XXXXXXXXXXXX.supabase.co
But how does FlutterFlow actually secure this to prevent users from reverse-engineering to get that API Endpoint to prevent any data leak or more ?
(I think it's possible to find this URL in the web console, where you can see the API calls made).
I want to prevent users from manipulating the API to extract the entire database, and so on.
I think for example Firebase App Check is securing that for Firestore public access ? Checking if the API is executed on the app and real device for example.
I saw some tools to secure FlutterFlow apps, but I'm not sure about their scope and reliability.
How do you guys do ?
Kind regards