I’m seeking guidance on enabling external users to access specific tables from my BL application through an API. What would be the optimal approach for ensuring secure access? My goal is to allow users to access their respective tables stored within the BL system via the API, while maintaining robust security measures.
multiple users, multiple tables.
I have read those articles. Let me ask my question differently.
Is it necessary to provide external users with the main BE API URL? Will the URL be the same for everyone, or is it better and safer to generate it dynamically for each external user? How do users authenticate to the URL - through a user-token or another protocol? If a user-token is used, how do users obtain it?
Hello @LetMeTest
What does mean main BE API URL?
If Role is assigned when API uses secret key:
Documentation - About Roles
for different Security Role is different URL which used Android secret key, iOS secret key…
User authenticate through a user-token.
Documentation - Maintaining User Session
Regards,
Vladimir
Also with the help of the Backendless REST CONSOLE and browser inspector network, you can experiment with changing the URL and request headers with user token when changing the API Keys, user login.
Regards,
Vladimir