Hi Dongzhi,
Unfortunatly secure proxy was designed for other goal(access sensitive information in 3rd party API) and it's not suitable for your case.
You can implement it with following plan:
1 Add other collection like "userAccount", add to this collection needed fields(like credits).
2 Add to your Users collection field "account" which is pointer to "userAccount" collection.
3 When you creating a user(sign up) you need to create item in "userAccount" collection and put this item inside just created User.
4 Make new item in "userAccount" collection - ACL field to be "{}" - (no one could access this item). Or give "read" access for current user.
5 When you need to change "userAccount" row you can use server script with "Master key" using to access any row in your "userAccount" collection.
Regards.