Password verification inside app

The only topics I’ve seen about this are several years old now, so I guess I’m asking for an up-to-date answer. I need to allow users to change their passwords within the app (that is, after having logged in), but before being able to do so they would need to verify their existing password for security reasons. Looking at the API documentation, I found the following link; however, it says:

This functionality is available only in Cloud Code/Business Logic

Does this mean I am unable to contact the REST API from my client app in order to verify the user’s existing password? Why would that be the case?

The reason for this is that it opens up a security hole if this functionality is available from the client side. This is the type of operation that must be performed from a “trusted environment” and Cloud Code is that kind of environment. To initiate password verification from the client app, you’d need to create an API service that would verify the password and invoke that service from your app.

1 Like
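One way to structure the kind of server-side verification service described in the answer above, as an added example that is not part of the original thread and is not Backendless code. The session table, user store, function names, lockout threshold and lockout window are all hypothetical, and scrypt stands in for whatever password hashing the backend actually uses.

```javascript
// Added example: server-side check of the current password before a change.
// All names and sample data below are constructed for illustration.
const crypto = require('node:crypto');

const MAX_FAILURES = 5;          // assumed lockout threshold
const LOCK_MS = 15 * 60 * 1000;  // assumed lockout window (15 minutes)

function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Constructed user store standing in for the backend's user table.
function makeStore() {
  const salt = Buffer.from('constructed-salt');
  const hash = hashPassword('correct horse', salt);
  return new Map([['user-1', { salt, hash, failures: 0, lockedUntil: 0 }]]);
}

// Constructed session table (token -> user id), held on the server only.
const sessions = new Map([['token-abc', 'user-1']]);

// The client sends only its session token and the password to check.
// The user id comes from the session, so a caller cannot test passwords
// for any account other than the one it is already logged in to.
function verifyCurrentPassword(store, token, password, now = Date.now()) {
  const userId = sessions.get(token);
  if (!userId) return { status: 401, ok: false };     // not logged in
  const user = store.get(userId);
  if (now < user.lockedUntil) return { status: 429, ok: false };

  const candidate = hashPassword(String(password), user.salt);
  if (crypto.timingSafeEqual(candidate, user.hash)) { // constant-time compare
    user.failures = 0;
    return { status: 200, ok: true };
  }
  // Count failures on the server so repeated guessing is cut off.
  user.failures += 1;
  if (user.failures >= MAX_FAILURES) {
    user.lockedUntil = now + LOCK_MS;
    user.failures = 0;
  }
  return { status: 200, ok: false };
}
```

The failure counter and lockout live on the server, which is why this check belongs in a service the client calls rather than in the client itself.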

Linking this related recent discussion:

2 Likes

Hey @Klaas_Klever, looking at the discussion you’re linking, I think using the login API would be a quick workaround (without me having to put together some custom business logic). In my case, I only allow users to log in once (no multiple logins). Would it prevent the issue of multiple logins piling up? Thanks!

Hey @mark-piller, what’s the quickest way to implement such a service? Is it possible to wrap some simple code around the same Cloud Code endpoint? On that note about trusted environments, how do I ensure my client app counts as a trusted environment to Backendless?

I think you need to allow at least two simultaneous logins, if you use the login API for password verification.

How so? I would be just replacing their existing token with the new token received from the latest login.

Just try it …

1 Like

Did you end up creating your own API endpoint to verify the password?

Yes

Hey @Klaas_Klever, would you mind sharing some pointers on how you went about creating your own endpoint? Thanks!

The docu entry point is this: Backendless For Developers | Backendless Backend as a Service Platform
Specifically for JavaScript (which I’m using): Basic Quick Start Guide - Developing Backendless Server Code with node.js and Developing Backendless Server Code with node.js

As an alternative to JavaScript, you can use Java or the Codeless Block Logic: Backendless For Developers | Backendless Backend as a Service Platform

Hope this helps,
Regards

1 Like