Calling server code from static pages

There is a video on youtube from June of 2015 (hosting scripts with node.js in backendless)

The video describes a folder /web/scripts with hello.js and a folder
/web/scripts/examples

These are no longer present.-- Is node still supported?

Basically what I want to do is take my static html pages and do registration/login

I know you can use the templates and the codeless blocks to do that but the static pages I have look exacty like what I want them to look like. I don’t know the screen designer well enough to reproduce the look using the drag and drop designer.

So it comes down to three questions

  1. Can i call a script from my static page /web/signup.html?

  2. Can I call nocode blocks from my static page instead?

  3. If I put my api keys in the script, are they secure or is there some kind of an env variable I need to set up. i.e. are the scripts and/or html pages I post to from my static page not servable and protected so that my keys are not compromised?
    .
    Thanks in advance

Paul McPherson

Hello @Paul_McPherson,

Thanks for your questions!

Support for running scripts with node.js inside web/scripts folder was removed long ago in favor of using much more powerful Custom Business Logic.

Some articles on this topic:

https://backendless.com/docs/bl-js/

Can I call a script from my static page /web/signup.html?

Yes, you can do it. The Custom API Service is what you need.

Can I call nocode blocks from my static page instead?

Yes, you can. Custom API Services can be written using Java, NodeJS, or Codeless (which is also based in JS under hood).

If I put my api keys in the script, are they secure or is there some kind of an env variable I need to set up. i.e. are the scripts and/or html pages I post to from my static page not servable and protected so that my keys are not compromised?

The app id and API key(s) are not meant to be secure. They are used by the back to identify your app and the type of client which makes the request. What makes your backend secure is the security policy you put in place on the server-side. That includes how you establish permissions for different roles/operations, whether you disable access to the non-authenticated users, etc.
The only key you should not expose is the Coderunner (aka Business Logic) API Key. But you can invoke custom services using any other API key. The only reason why you should not expose the Coderunner API Key is that it can be used to deploy custom logic into your app.
You can find more information on how security works in Backendless in this article:

If you have any questions, do not hesitate to ask me here, I will be glad to answer you.

Regards,
Stanislaw

Thanks Stanislaw. The email was very helpful.

One quick question. I don’t have access to the email templates.

Is it because I am on the springboard plan or because I haven’t set up an email provider?

Thanks

Hello @Paul_McPherson

Are you talking about the email templates which is Console → Messaging → EMAILS?

No. Users → Email Templates

Describted on page: https://backendless.com/how-to-customize-email-address-confirmation-message/

Thanks

Paul McPherson

Your app on version Online Backendless 3.x?

I don’t know how to check app version

Paul McPherson

Hello @Paul_McPherson

Please provide your appId.

Can’t you change the email header or email body?
What is the name of a template that you cannot change?

My app is

39A850EE-537E-23B9-FFC4-BC2BBAA19000

Thank You

Hello @Paul_McPherson

Your app on version Online Backendless 6.x.

You may edit/configure your email templates by following path Console → Messaging → EMAILS.
Documentation: Email Templates

Regards,
Vladimir

Thanks Vlad -
I received a sucessful confirmation of registration email with the following link

https://api.backendless.com/39A850EE-537E-23B9-FFC4-BC2BBAA19000/443FC6BC-8B11-4A82-BA4D-5BC35667A9FB/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhcHBJZCI6IjM5QTg1MEVFLTUzN0UtMjNCOS1GRkM0LUJDMkJCQUExOTAwMCIsImV4cCI6MTYzNTU5NTE0OSwidXNlcklkIjoiN0RFM0M4MzMtNjEzMS00NDU1LUFCMTUtNTFENjJCRDgzMzZDIn0.C5yeuypFb54pTKqloUGIA2_JOMDuTvjPIwOMNrE2nxU/users/confirmation

i get the error message

{“code”:6007,“message”:“The specified resource was not found”,“errorData”:{}}

when I click the link

Thinking I needed to create a page called confirmation-confirmed, I did so in the page builder and published it.

It does not make any difference, I still get the error message

{“code”:6007,“message”:“The specified resource was not found”,“errorData”:{}}

What do I need to do?

Paul McPherson