I just double checked and the function is on Application Authentication as we need some info about the user calling it anyway. Rules and schemas should be fine as I tried the same query from the frontend but from there it was rejected due to schema validation. I’ll look further into it and double check everything.