Guus Vorsterman
Posts: 0
Joined: Thu Jun 18, 2015 10:05 am

What is the recommended way to secure API Express REST URLs?

I set up a DB connection in API Express and created a service for a REST URL.
When I look in the browser I see the call to the URL, and it can be run outside the app.

https://appery.io/apiexpress-api/rest...

What is common practice to secure these URLs?

In the API Express settings there is the option to "Allow only authenticated users to call REST API". I tested this and it works.

If called I get:

"{"code":"MS002","message":"Incorrect or absent X-Appery-Session-Token header","status":"FORBIDDEN"}"

Does this work for all API Express REST URLs? How can you give only 1 user access to specific URLs?

On page https://devcenter.appery.io/documenta...
I see that "Security Context (Not supported in beta) – a generic security service running JavaScript code before or after the REST service execution."

Does this mean that, when available, you can also secure access to URLs using the before JS code to check which user is logged in and deny or grant access?

Alena Prykhodko
Posts: 0
Joined: Tue Apr 09, 2013 7:36 am

Hello Guus,

We are working on it.
I will let you know when I have more information from the development team.

Alena Prykhodko
Posts: 0
Joined: Tue Apr 09, 2013 7:36 am

Dear Guus,

This is something we are going to add in the future.

For now this can be implemented only for a created user.
It means you have a logged-in user, and if someone logs in with these predefined credentials, access is granted; otherwise, not.
After login you store the user name and check it against the created one; if they are equal, you can call REST via JavaScript.
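
The check described in the reply above, together with the session-token header from the error message in the question, as an added example that is not part of the original thread and is not Appery.io code. The user name, the service URL and the session object shape are assumptions; only the header name and the MS002 response come from the thread.

```javascript
// Hypothetical values: the one predefined user and a placeholder service URL.
const ALLOWED_USER = "reports-user";
const SERVICE_URL = "https://example.invalid/apiexpress-api/rest/placeholder";

// Client-side gate from the reply: compare the stored user name with the
// predefined one. This only decides whether the app attempts the call; the
// server-side "authenticated users only" setting is what rejects requests
// made outside the app, so the token must still be sent and checked there.
function mayCall(session) {
  return Boolean(session && session.sessionToken) &&
         session.username === ALLOWED_USER;
}

// Recognise the rejection quoted in the question (code MS002, FORBIDDEN).
function isSessionRejected(body) {
  try {
    const parsed = typeof body === "string" ? JSON.parse(body) : body;
    return parsed !== null && typeof parsed === "object" &&
           parsed.code === "MS002" && parsed.status === "FORBIDDEN";
  } catch (e) {
    return false; // not JSON, so not the API Express error envelope
  }
}

// fetchImpl is injectable so the flow can be exercised offline with a stub.
async function callService(session, fetchImpl = globalThis.fetch) {
  if (!mayCall(session)) return { ok: false, reason: "not-allowed-user" };
  const res = await fetchImpl(SERVICE_URL, {
    headers: { "X-Appery-Session-Token": session.sessionToken },
  });
  const text = await res.text();
  if (isSessionRejected(text)) return { ok: false, reason: "session-rejected" };
  if (!res.ok) return { ok: false, reason: "http-" + res.status };
  return { ok: true, data: JSON.parse(text) };
}
```

A `session-rejected` result means the stored token is missing or no longer valid, so the app should send the user back to login rather than retry.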
