Woody
Posts: 0
Joined: Thu Dec 04, 2014 2:37 pm

Adding security to external call to Appery database collection's Rest API

I have a collection called "contacts".

It has an ACL column that is made read, write only for the user who has created it.
It also has an "owner" column - a pointer back to the users collection. In the Appery app I use both the ACL as well as a "where" clause with the owner info.

I'd like to access the contacts collection from another application (external app / server)

  1. Is there a way to generate a session token for a known user to whom I can grant read for all the records?

  2. Assuming "NO" to question 1, is there a way to secure the REST call to Appery collection using some basic authorization header?

    Thank you!

Yurii Orishchuk
Posts: 0
Joined: Fri Feb 14, 2014 8:20 am

Hi Woody,

Basically yes.

  1. You can specify the ACL in the create service with the following value:

    {"currentUserId": {"read": true, "write": true} }

    In this case only the user with this id could access (read/write/delete) this item.

  2. The only way to get this item without a token is to use the DB Master key.
    Read more here: http://devcenter.appery.io/documentat...

    I can recommend using server code for this goal.

    More details here: http://devcenter.appery.io/documentat...

    Regards.
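
Because a read with the DB Master key does not go through the per-user ACL, a server that holds the key can check that every "contacts" record is still restricted to its owner. The following is an added example, not part of the original posts and not Appery code: it audits ACL objects of the shape shown in the reply above. The record layout (`_id`, `ownerId`, `acl`), the function names and the sample data are assumptions made for illustration; `ownerId` stands for the id held in the "owner" pointer.

```javascript
// Added example: audit ACLs of the form {"<userId>": {"read": bool, "write": bool}}.
// Record fields (_id, ownerId, acl) are assumed names, not an Appery schema.

function auditAcl(record) {
  const acl = record.acl;
  // A record with no usable ACL object cannot be owner-restricted.
  if (acl === null || typeof acl !== "object" || Array.isArray(acl)) {
    return ["acl missing or not an object"];
  }
  const findings = [];
  const ids = Object.keys(acl);
  if (!ids.includes(record.ownerId)) findings.push("owner has no ACL entry");
  for (const id of ids) {
    // Any principal other than the owner widens access beyond the creator.
    if (id !== record.ownerId) findings.push(`extra principal: ${id}`);
    const perms = acl[id];
    if (perms === null || typeof perms !== "object") {
      findings.push(`entry for ${id} is not an object`);
      continue;
    }
    // Permission flags must be real booleans, not strings or other values.
    for (const op of ["read", "write"]) {
      if (op in perms && typeof perms[op] !== "boolean") {
        findings.push(`${id}.${op} is not a boolean`);
      }
    }
  }
  return findings;
}

// Returns { recordId: [findings...] } for records that fail the audit.
function auditCollection(records) {
  const report = {};
  for (const r of records) {
    const findings = auditAcl(r);
    if (findings.length > 0) report[r._id] = findings;
  }
  return report;
}

// Constructed sample records (not real data).
const sampleContacts = [
  { _id: "c1", ownerId: "u1", acl: { u1: { read: true, write: true } } },
  { _id: "c2", ownerId: "u1", acl: { u1: { read: true, write: "true" } } },
  { _id: "c3", ownerId: "u2", acl: { u2: { read: true, write: true }, u9: { read: true } } },
  { _id: "c4", ownerId: "u2" },
];
```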

Woody
Posts: 0
Joined: Thu Dec 04, 2014 2:37 pm

Thanks. I didn't know about the DB Master Key.
