Adding security to external call to Appery database collection's Rest API

Posted: Mon Dec 15, 2014 5:43 pm
by Woody

I have a collection called "contacts".

It has an ACL column that is set to read/write only for the user who created it.
It also has an "owner" column - a pointer back to the users collection. In the Appery app I use both the ACL and a "where" clause with the owner info.

I'd like to access the contacts collection from another application (external app / server).

  1. Is there a way to generate a session token for a known user to whom I can grant read for all the records?

  2. Assuming "NO" to question 1, is there a way to secure the REST call to Appery collection using some basic authorization header?

    Thank you!


Posted: Tue Dec 16, 2014 5:08 am
by Yurii Orishchuk

Hi Woody,

Basically yes.

  1. You can specify the ACL in the create service with the following value:

    {"currentUserId": {"read": true, "write": true} }

    In this case only the user with this id could access (read/write/delete) this item.

  2. The only way to get this item without a token is to use the DB Master key.
    Read more here: http://devcenter.appery.io/documentat...

    I can recommend that you use server code for this goal.

    More details here: http://devcenter.appery.io/documentat...

    Regards.
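
Added example (not part of the original posts and not Appery's own code): a server-side helper for the external application that keeps the DB Master key out of the client, authenticates the caller with a shared secret, and re-applies the owner filter itself, since a master-key request is not limited by the per-record ACL. The endpoint URL, the header names, the pointer format in the "where" clause, the environment variable names and the shared-secret scheme are all assumptions to check against the Appery documentation.

```python
import hmac
import json
import os
import urllib.parse
import urllib.request

# Assumed endpoint and header names for the Appery.io database REST API.
API_BASE = "https://api.appery.io/rest/1/db/collections"
DB_ID_HEADER = "X-Appery-Database-Id"
MASTER_KEY_HEADER = "X-Appery-Master-Key"


def caller_is_authorized(presented_secret, expected_secret):
    """Constant-time comparison of the external app's shared secret."""
    return hmac.compare_digest(presented_secret.encode(), expected_secret.encode())


def build_contacts_request(owner_id, presented_secret, env=os.environ):
    """Return a urllib Request for one owner's contacts.

    Raises PermissionError for an unknown caller and ValueError for a
    malformed owner id. The master key is read from the server's
    environment (hypothetical variable names) and never sent to clients.
    """
    if not caller_is_authorized(presented_secret, env["GATEWAY_SHARED_SECRET"]):
        raise PermissionError("external caller not authorized")
    # Assumption: user ids are plain alphanumeric strings.
    if not owner_id.isalnum():
        raise ValueError("owner id must be alphanumeric")
    # The ACL does not restrict a master-key read, so scope by owner here.
    # Assumed pointer format: {"collName": ..., "_id": ...}.
    where = json.dumps({"owner": {"collName": "_users", "_id": owner_id}})
    query = urllib.parse.urlencode({"where": where})
    req = urllib.request.Request(f"{API_BASE}/contacts?{query}", method="GET")
    req.add_header(DB_ID_HEADER, env["APPERY_DATABASE_ID"])
    req.add_header(MASTER_KEY_HEADER, env["APPERY_MASTER_KEY"])
    return req
```

The returned request can be passed to `urllib.request.urlopen` on the server; only the filtered result should be returned to the external caller.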


Posted: Tue Dec 16, 2014 5:12 am
by Woody

Thanks. I didn't know about the DB Master Key.