How to protect API key and Application ID

with this link anybody can get the data , how to make it secure?
make secure request url in headers

Hello @Farhan007

I suggest studying this documentation - with its help you will be able to configure security for different users and actions.
https://backendless.com/docs/rest/users_user_roles.html
https://backendless.com/docs/rest/users_global_permissions.html
If you have any questions after studying the documentation, I will be happy to answer them.

Regards,
Inna

Hello @Farhan007,

also, I would like to add that the app id and API key(s) are not meant to be secure (except the CloudCode API Key, it’s the only one that should not be exposed to the client-side). They are used by the backend to identify your app and the type of client which makes the request. What makes your backend secure is the security policy you put in place on the server-side. That includes how you establish permissions for different roles/operations, whether you disable access to the non-authenticated users, etc.
The links above should help you with this.

Regards,
Stanislaw

Hey @stanislaw.grin , @Inna_Shkolnaya
we are not using login Authentication of backendless. my Authentication is different as SALM octa.

I this case how to handle this thing?

You have to say to Backandles in some way what the user the request came from is.
Then some logic (wrote by yourself) should say what to do with that request.

All this already implemented in the Backendless, and related to our User/Role ACL policy.

So you have to implement some part of ACL by yourself or think about synchronization users in the Users table on Backendless side. I think the second one will be simpler and more flexible in the future.