API for clients/customers

I’m seeking guidance on enabling external users to access specific tables from my BL application through an API. What would be the optimal approach for ensuring secure access? My goal is to allow users to access their respective tables stored within the BL system via the API, while maintaining robust security measures.

Multiple users, multiple tables.

Hello, @LetMeTest.

You need to check out these articles:

  1. About data security: Security - Backendless REST API Documentation
  2. Permissions: Permissions API - Backendless REST API Documentation
  3. Roles and role permissions: About Roles - Backendless REST API Documentation

Regards, Nikita.

I have read those articles. Let me ask my question differently.
Is it necessary to provide external users with the main BE API URL? Will the URL be the same for everyone, or is it better and safer to generate it dynamically for each external user? How do users authenticate to the URL - through a user-token or another protocol? If a user-token is used, how do users obtain it?

Hello @LetMeTest

What does "main BE API URL" mean?

If a role is assigned when the API uses a secret key:
Documentation - About Roles
for a different security role there is a different URL, which uses the Android secret key, iOS secret key…

Users authenticate through a user-token.
Documentation - Maintaining User Session

Regards,
Vladimir

Also, with the help of the Backendless REST Console and the browser inspector's network view, you can experiment with changing the URL and the request headers with the user token when changing the API keys or the user login.

Regards,
Vladimir
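The flow discussed in this thread, as an added example that is not part of any post: every client uses the same base URL (application ID plus REST API key), logs in to obtain a user-token, and sends that token as a header on table requests. The endpoint paths (`users/login`, `data/<table>`) follow the Backendless REST API documentation; the application ID, key, credentials, table name and the table-name check are placeholders and assumptions of this sketch.

```python
import json
import re
import urllib.request

API_HOST = "https://api.backendless.com"
# Assumption for this sketch: table names are plain identifiers.
TABLE_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def base_url(app_id, api_key):
    # Same base URL for every caller of the app; it is not a per-user secret.
    return f"{API_HOST}/{app_id}/{api_key}"

def build_login_request(app_id, api_key, login, password):
    # POST <base>/users/login with the user's credentials as JSON.
    body = json.dumps({"login": login, "password": password}).encode()
    return urllib.request.Request(
        base_url(app_id, api_key) + "/users/login",
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )

def extract_user_token(login_response_body):
    # The login response is the user object; the session token is "user-token".
    token = json.loads(login_response_body).get("user-token")
    if not token:
        raise ValueError("login response carries no user-token")
    return token

def build_table_request(app_id, api_key, table, user_token):
    # Refuse names that could alter the request path.
    if not TABLE_NAME.fullmatch(table):
        raise ValueError(f"unexpected table name: {table!r}")
    return urllib.request.Request(
        f"{base_url(app_id, api_key)}/data/{table}",
        headers={"user-token": user_token},  # identifies the logged-in user
        method="GET",
    )

def send(request):
    # Performs the call; needs network access and real credentials.
    with urllib.request.urlopen(request, timeout=10) as resp:
        return resp.read()
```

What a given user-token is allowed to read is decided on the server by the permissions and roles described in the linked articles, not by the URL.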