curl access security to Users collection

Posted: Thu Mar 17, 2016 12:52 pm
by Serhii Kulibaba

Hello,

You are right,

You can disable access to that collection for all users:
Image

Or use Server Code for the user registration feature. Could you clarify what functionality you need?


Posted: Thu Mar 17, 2016 5:35 pm
by Guus Vorsterman

Hello,

I have unchecked those options in the Users permissions, but I can still execute the curl command and create a new row in the user collection.


Posted: Fri Mar 18, 2016 10:56 am
by Serhii Kulibaba

You are right, you don't need a session token for the login service, because the login service provides it to you. (If it used a session token, you couldn't get access to that API.)

Please specify the question: what are you trying to do? Do you want to disallow creating users with curl? It is impossible.


Posted: Fri Mar 18, 2016 11:04 am
by Guus Vorsterman

The question is in my first message.

So can anyone create rows if you know the database id?

The answer, I assume, is yes.

If you know the db id, one can create a script that creates thousands of rows.


Posted: Fri Mar 18, 2016 11:48 am
by Serhii Kulibaba

We have reported it to our development team and will get back to you with an update as soon as possible.
This can take some time.


Posted: Thu Mar 31, 2016 9:54 am
by Guus Vorsterman

\"password\":\"p1\"}" https://api.appery.io/rest/1/db/users

So can anyone create rows if you know the database id? For custom collection there is a secure collection option. How should this be done for the Users collection?


Posted: Thu Mar 31, 2016 9:54 am
by Serhii Kulibaba

Hello Guus,

You are able to disallow creating users anywhere except the Appery.io UI by switching it off on the Social connections tab:
Image

Also, you can use the secure proxy (https://devcenter.appery.io/documenta...) for all your requests. The proxy will replace your key with the Database Id, so nobody can get its value. If you need to create users in your app, you have to create one more app, like an admin app.


Posted: Mon Jul 20, 2020 3:45 pm
by Illya Stepanov

\"password\":\"p1\"}" https://api.appery.io/rest/1/db/users

and it doesn't work at all. What header parameters are you using for the session token?


Posted: Mon Jul 20, 2020 3:45 pm
by Guus Vorsterman

\"password\":\"u\"}" https://api.appery.io/rest/1/db/users
curl -X POST -H "X-Appery-Database-Id: 56e68871e4b08356f82ded8c" -H "Content-Type: application/json" -d "{\"username\":\"u2\"