Uplink Security

Sometimes you want to connect a system to your app, but you don’t want to trust that system with your data. It might be an IoT device that could be easily compromised, or it might be a script running on a customer’s machine.

The Uplink has a mode that gives it the same privileges as client-side code. Client-side code needs to have its privileges locked down because the user can control the code that runs in their browser. The same logic applies to untrusted Uplink code.

For that reason, you can use a special ‘client’ Uplink key that gives your script the more restricted privileges of client-side code.

The Uplink dialog allows you to select both server and client authentication keys:

Part of the Uplink dialog, where you can select Server or Client versions of the Uplink.

You can use either one from different Uplink scripts - you can have separate server and client Uplink scripts connecting to your app at the same time.

Server Uplink code (connected with the server key) has the same privileges as server module code. As well as calling server functions, it can access Data Tables, log users in, and register new server functions with @anvil.server.callable. Use the server key for trusted code.

Client Uplink code (connected with the client key) has the same privileges as code in your app’s Forms. It cannot access Data Tables unless they have been set to client-accessible, and it cannot register server functions. It can still call server functions, which allows you to selectively expose functionality by writing server functions that perform only the operations you’re willing to expose. This is the security best practice that applies to Form code as well.
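The pattern described above, as an added example that is not code from the Anvil documentation: a trusted server function exposes one validated insert, and an untrusted device script connects with the client key and can only call it. The function name `record_reading`, the `readings` table, the device ID format and the temperature range are all assumptions made for illustration.

```python
import re

# Hypothetical constraints for this example; adjust to your own devices.
DEVICE_ID = re.compile(r"sensor-[0-9]{2}")
CELSIUS_MIN, CELSIUS_MAX = -40.0, 85.0


def validate_reading(device_id, celsius):
    """Return a clean row dict or raise ValueError. Both arguments come from
    an untrusted caller, so nothing about their type or range is assumed."""
    if not isinstance(device_id, str) or not DEVICE_ID.fullmatch(device_id):
        raise ValueError("bad device id")
    # bool is a subclass of int, so exclude it explicitly.
    if isinstance(celsius, bool) or not isinstance(celsius, (int, float)):
        raise ValueError("reading must be a number")
    # NaN fails every comparison, so it is rejected here as well. The range
    # check runs before float() so that a huge int cannot raise OverflowError.
    if not (CELSIUS_MIN <= celsius <= CELSIUS_MAX):
        raise ValueError("reading out of range")
    return {"device_id": device_id, "celsius": float(celsius)}


def register_server_function():
    """Trusted side: call this from a server module or from an Uplink script
    connected with the server key."""
    import anvil.server
    from anvil.tables import app_tables

    @anvil.server.callable
    def record_reading(device_id, celsius):
        # The only write the untrusted device can trigger: one validated row
        # in the hypothetical 'readings' table. No reads, updates or deletes.
        app_tables.readings.add_row(**validate_reading(device_id, celsius))


def run_untrusted_device(client_key):
    """Untrusted side: connected with the client key, this script cannot touch
    Data Tables or register functions; it can only call record_reading."""
    import anvil.server

    anvil.server.connect(client_key)
    anvil.server.call("record_reading", "sensor-01", 21.5)
```

If the device is compromised, the most it can do through this path is submit readings that pass `validate_reading`; the `readings` table itself does not need to be client-accessible.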