Calling Cloud Service with REST Api key

nike-teo · January 31, 2023, 10:08pm

Hi!

I would like to call a Cloud Code Service from a trusted server. I’ve disabled all the permissions except RestUser permission and would like to use REST Api Key for accessing it.

I’ve tried many things, something like

curl -X "POST" "https://welcomecake.backendless.app/api/services/User/someService" \
        -H 'application-id : APP_ID' \
        -H 'secret-key : REST_API_KEY' \
        -H 'Content-Type: application/json' \
        -H 'Accept: application/json'

but it does not work, returns

{"code":14008,"message":"Access denied","errorData":{}

How can I do it in a better way? Thanks!

Inna_Shkolnaya · February 1, 2023, 7:20am

Hello @nike-teo

When you make a call, there will be 2 roles involved at once - the Authenticated/NotAuthenticatedUser and the role of that API key. In your case, you have GRANT permission for the RestUser role and DENY permission for the NotAuthenticatedUser role. Therefore, access is denied.

Regards,
Inna

nike-teo · February 1, 2023, 9:48am

Hi Inna,
thanks for your response!

But then, if I give access to NotAuthenticatedUser role, I don’t need any keys at all.
I can just call

curl -X "POST" "https://welcomecake.backendless.app/api/services/User/someService" \
        -H 'Content-Type: application/json' \
        -H 'Accept: application/json'

and it works fine. How can I make use of those REST Api Key, to secure my service? Or maybe there is another way to do it, using some auth headers? Thank you!

Best,
Nick.

Inna_Shkolnaya · February 1, 2023, 9:59am

This is because your generated domain uses a RestAPI key. You can change the key for the domain here

Regards,
Inna