Security Question and parallel processing

coder911 · April 16, 2025, 11:00pm

My app uses webhooks for all the database interactions for security.

Currently I have client actions that make the API call to the webhooks and get the response from the automations on the server side.

My question is whether in my app should I be using actions or server actions to make the API calls. My thinking was my actions could use JS to send the paramaters for the API call to the server action in the app and that action would proxy the API call as to not expose the webhook to the client side. My question is around performance.

Currently since my client actions are making the API calls they can do so concurrently. If i change to proxy them through a server action in the app I think I would have to make the call to the proxy action in serial which could have a impact on performance. I am curious as to the community thoughts on what to do here… If a server action in the app is running from a {{actions.serveraction.trigger()}} command… does it have to wait until completion before another action can call it? if I use async on the calls would the one action be able to process calls independtly of one another??

Max · April 17, 2025, 8:38am

Hi @coder911,

It makes perfect sense to use Server Actions for sensitive API calls. In some of my apps, I have split up the API calls into ones that don’t exchange sensitive data and ones that do. The sensitive ones are called by Server Actions, whereas non-sensitive ones I call by “the normal” client Actions.
So I can strongly recommend and do encourage the use of Server Actions for sensitive data and generally for security.

As for the performance question, it shouldn’t make that much of a difference. All Actions and Server Actions are inherently asynchronous. So if multiple are called without the await keyword, they will run in parallel.

You can easily test this for yourself. For example, I have 3 Actions that look like this:

// action<n>
await new Promise(resolve=>setTimeout(resolve,1000));

Then have an Action call all of them:

// runActions
{{actions.action1.trigger()}};
{{actions.action2.trigger()}};
{{actions.action3.trigger()}};

When executing runActions, you can look at the actions in the list and see that they’ll run simultaneously:

async_actions1
Notice here: because they’re asynchronous, runActions will be finished before all the triggered actions

If we add await in front of each action trigger, it will look like this:
async_actions_await

The same goes for Server Actions:

async_server_actions
async_server_actions_await

The only notable difference in performance from what I’ve seen, is that Server Actions take a fraction of the time longer, due to communication between client and server, but it’s not that impactful to be honest.