User metadata hidden from user

Is it possible to store user metadata only accessible to Netlify Functions? That is, not included in app_metadata or user_metadata sent to client upon login.

You can store anything you like in a function - we don’t allow “download” of that source code by visitors, so it is a safe place to store sensitive data. Not sure what your data source is, but you could hardcode it directly (for instance:, or you could make an API call from your function to retrieve e.g. a userID from a server of yours, based on something about the visit (e.g. a cookie set).

1 Like


My data source is FaunaDB. The function I’m setting up is serving as a graphql endpoint using schema stitching that forwards some requests to FaunaDB.

The information I would like to keep track of is the individual users FaunaDB access tokens. In theory there could be thousands of those. But since functions are supposed to be stateless (right?), storing that data at the function level is probably not a good idea. Unless there is some sort of session storage available to functions?

Yea, you won’t want to store a large number of data in a lambda function nor is there any session storage. What you’ll probably want to do is store it your information in your database and using a lambda function as a ‘go-between’ to access that database. This ‘go-between’ approach is just so you don’t have any API keys in your client-side code.

Let me know if that makes sense.

1 Like

That makes sense, thanks. The setup you are describing is the one I’m using right now, with a lambda function serving as “go-between”. The lambda function needs to have access to each users individual access token before doing the “go-betweening” though. Possibly I’ll setup a redis db as “session store” for keeping track of that data.

1 Like

let us know how you end up approaching this - that’ll definitely be interesting for other people.