Backendless

Today we’re going to take another look at security configurations in Backendless. In this article, we will talk about how to restrict direct access to your data via API and only expose your custom API endpoints.

One of the final steps before you release an app is to setup proper security. Specifically, the security of your File Storage is perhaps the most important since it may contain your business logic code (Cloud Code), your public website data, your logs, and any other assets that you probably do not want anyone from…

It is common for developers to build apps where users will have varying access to data and features within the app based on the user’s role. Being able to limit user access is important to data security, user management, and often, the financial success of the application. This is because user access is commonly tied…

One of the most powerful features that Backendless has available is the capability for you to implement your own License Manager for creating and checking licenses for your product/customers. In this article, we will touch on some Backendless services such as data management and Business Logic (Cloud Code) and we will use one of the Backendless Client SDKs. Setup Backendless Login to your Backendless…

In another post, we described how to adjust an object’s access control list (ACL) using Backendless Console. As we mentioned, in addition to Backendless Console, the object’s permissions can be controlled using API. In fact, for any persistent object, Backendless supports the following capabilities: Granting/rejecting permission to execute a find/save/update/delete operation on an object based…

Every data object saved in Backendless has its own access control list (ACL). An object’s ACL includes permissions for users and roles for all data service operations. Using ACL, an application may be configured to allow users (and/or roles they belong to) to execute Data Service API calls. For example, in a shopping app, you…

Once a user of a Backendless-powered app logs in, a session is established. For a variety of reasons, including application security, it is best not to allow users to remain logged in indefinitely. Therefore, every session has an inactivity timeout timer that is reset with every new API call made within the session. When the…

In another post, we described how to obtain a file’s public URL using Backendless Console. Even though anyone can obtain a public URL for a file or directory, it is very easy to change the permissions to restrict file download for anonymous (not authenticated) users. To restrict access: Login to Backendless Console, select an app…

A user on StackOverflow asked how to load only the data that belongs to the currently logged-in user. This is indeed an interesting and very common use-case. Backendless handles it beautifully and this feature certainly deserves a place among our Recipes. What you need to know before we get to the coding sample part is:…