I want to create an SPA where frontend javascript send requests to backendless.
For REST, a secret key is required. But the key is exposed to client users, which does not seem to be a good idea.
What is the normal way to create one?
Hello,
The term “secret key” is somewhat misleading. It really should be called “API Key”. You do not need to hide it. Instead, Backendless gives full security control over your data, files and messages. You need to use the built-in user/roles-based security mechanism to protect your app.
Hope this helps.
Regards,
Mark