Your application can use the Backendless API to access data, run searches, and store, update and delete objects in the database. When users authenticate themselves with the backend, all subsequent API calls are executed on behalf of the logged-in user.
In a Backendless backend, you can restrict access to API operations and/or application data. A restriction may apply either to specific users or to roles. When a restriction applies to a role, it automatically applies to the users in that role.
In another post, we covered the user registration API, delivery of the welcome email upon registration, the login API, and the ability to enable/disable user accounts. The user management feature highlighted in this post focuses on changing a user’s password in Backendless Console.
Now that you know how to register and log in users for your application, you might be wondering what degree of control over user accounts you have with Backendless. As a developer of a Backendless-powered app, the Console is the ultimate tool where you can control all aspects of your app, including user management.
In another post, we described how to restrict access to all data for “guest” users. The Backendless security model lets you control access to data tables, or more generally “asset containers”, at the role and operation levels. That means an application developer can set up security restrictions for API operations on a specific data table…
A user on StackOverflow asked how to load only the data that belongs to the currently logged-in user. This is indeed an interesting and very common use case. Backendless handles it beautifully and this feature certainly deserves a place among our Recipes.
Every data object saved in Backendless has its own access control list (ACL). An object’s ACL includes permissions for users and roles for all data service operations. Using ACL, an application may be configured to allow users (and/or roles they belong to) to execute Data Service API calls.
Today we’re going to take another look at data security configurations in Backendless. In this article, we will talk about how to restrict direct access to your data via API and only expose your custom API endpoints.
One of the final steps before you release an app is to set up proper security. Specifically, the security of your File Storage is perhaps the most important since it may contain your business logic code (Cloud Code), your public website data, your logs, and any other assets that you probably do not want anyone from…