Can I expose API service created using API engine to external parties (i.e. normal webclients, and not users of my app).
I need to provide users to invoke particular operation (password reset) - by sending SMS to given short number. So, can I provide the SMS short code provider with custom POST/PUT request against API service ?
The API are exposed automatically. As long as your SMS provider uses the URL endpoint, proper request headers and body, they should be able to invoke the methods.
thanks, got it … but I see that we will need to share the ‘app id’ and the ‘secret key’ too - do you see it as any security issue, can it be mis-used ?? Is there any workaround, that can help to not share the same ??
No, it is not a security issue, it is access to your API. The proper name for “secret key” is “API key”. This is not what makes your app secure. Securing an app comes from establishing proper permissions for your tables, users, files and API operations.