Custom Subdomain For Every App
Your API endpoints and published app’s URL are now much simpler and more visually appealing with custom subdomains for all Backendless apps. Not only that, but your app ID and API key are now much better protected.
Every new app created in Backendless now gets its own custom subdomain under the backendless.app domain. You can use this subdomain to host your app both during development and even after publication if you so choose. This subdomain can also be used as the endpoint for all of your APIs as well.
When your app is created, a random subdomain name will be assigned to it. In a future release, we will be providing you with the ability to choose from five different subdomain options.
To see your subdomain in Backendless, in the BACKEND section, visit Manage > App Settings > Custom Domain:
Note: You don’t have to do anything to setup the free subdomain. No need to mess with CNAME DNS records.
Also note, however, that your backendless.app subdomain cannot be changed. You can replace the custom domain with a domain you own, but you cannot modify the auto-generated subdomain name itself.
Custom Subdomain For More Secure API Calls
Your subdomain can be used for all API requests, removing the need to include your application ID and API key in the request URL. Detailed documentation on this feature is coming soon.
The greatest benefit of this new system is that it enables you to hide your app’s ID and API keys in API calls. While our roles-based security system fully protects your app from intrusion, some developers still voice discomfort with the fact that their keys are publicly visible in API request URLs.
Previously, your API calls would look like this:
https://api.backendless.com/APP_ID/API_KEY/...
As you can see, your app ID and API keys are exposed. Now, with a custom subdomain, you can make API calls that look like this:
https://SUBDOMAIN.backendless.app/api/...
No keys or IDs are visible at all. To easily make an API call, you can use the REST Console in Backendless Database to get the request details.
For example, let’s say we want to see all of the data in the Users table. When you visit the REST Console for this table, here is what you see:
Simply copy the request URL (arrow above) or select and copy the /data/Users text (box above) and use it to create the API request using your custom subdomain.
https://SUBDOMAIN.backendless.app/api/data/Users
(SUBDOMAIN will be your app’s custom subdomain.) You can paste the request URL in your browser to test the response.
Existing Custom Domains
Of course, many developers already have a domain name reserved for their application. So what happens if you replace the auto-generated subdomain with your own domain?
With your own domain, you still receive the benefits of protecting your app ID and API keys thanks to this new release. For API requests, simply replace the SUBDOMAIN.backendless.app domain with your own. From our previous example:
http://yourdomain.com/api/data/Users
All new Backendless apps can now take advantage of custom subdomains. We’d love to hear what you think in the comments below or on our Slack channel or support forum.
Check out the other new features added in version 6.4:
- Comments in Backendless Console
- Breadcrumbs in Data Browser
- Related object display for 1:1 relations
- Roles-based database column visibility
Thanks for reading and Happy Codeless Coding!
You guys rock. Keep up the great work.