Hi,
Is there a way to avoid creating new tables from the client in the backend?
If someone malicious get the API keys, might be able to spam the database with lot of new tables!
You can set DENY permissions for NotAuthenticatedUser for all tables. Check here https://backendless.com/documentation/users/rest/users_global_permissions.htm
And what about AuthenticatedUsers?
A malicious attack could consist of:
1.- Register new user
2.- Start creating new tables
Maybe by doing some custom Server-code validation is the right answer? ie. if an authenticated user tries to creates a table -> respond with an error from the server