REST API not recording my password field that I pass...

This is embarassing. I just wrote a blogpost on how to use the REST API for Corona to create new users in Backendless.

Everything works, except the password always shows null on the backend in my user database. I don’t get any errors in the response, just the expected stuff WITHOUT the password. Here’s some debug output from my console:

JSON is {“username”:“fowler”,“password”:“whooooo”,“email”:“”}

Response {“username”:“fowler”,“updated”:null,“created”:“06/18/2014 02:35:37 GMT+0000",“email”:"”,“ownerId”:null,“objectId”:“FFA

In the response, where’s my password?! And when I check the database of users it’s just blank.



Hi Mario,

Backendless does not store passwords in clear text. In fact Backendless does not even know your password. We encrypt passwords with a one-way algorithm (MD5 with salt) and store the encrypted version of it. As a result, we cannot even decode it back to clear text. You cannot retrieve your own password and if user forgets what it is, you can use the API to change it.


HA! Well that was easy! Thanks Mark!


Excuse me, but how can I manage my login system? The user passes his user/pass from interface, so how could I verify this using GET method from REST APIs ? Yet, when I register a new user, in the PostResponse object I don’t get a password value neither from REST APIs nor from Backendless’ Rest Console.

For login user have to use the same password he used for registration. What exactly do you want to verify?

Hi, Stanislav. Thanks for your Reply.

I have my interface with two fields: “Username” and “Password”. When the user tries to login with correct username/password, the system never granted the access to him. I do the verification doing a GET method from REST APIs (in and xamarin.ios). I obtain the list of all users with this method and I do a verify on the username. It finds 1 match, and it’s correct: it’s my user. So after that i use the getResponse[0].data.password property (the object returned from the get) but the problem is infact that this returned object has no password field (null)! So i can’t do the match/comparation with the password supplied with the interface.

How can I solve this?

Why don’t you let the request go to the server? The server logic does exactly the same you want to do on client side.

How can I make this? I don’t understand. I try to explain better myself:

I am developing an app that does in a some point user/pass based authentication. On backendless’ side, I created a new app, and I saw that I already have an “Users” System Table. So I thought: “Ok, I will populate this for my user managing system in my app”.

So I created my call to the POST method of REST APIs for creating a user and GET method to obtain a list of users. But, first problem: when i use REST CONSOLE to edit a new user pass, it remain blank (ok I read them are obfuscated due to security reason). So i created a new user with my POST method from my app, and in backendless a new user was created. Finally, when trying to authenticate my new created user, from my app interface (so inserting user/pass credentials), i make a GET method call to this URI:, using my APP id and SECRET KEY as headers. Now, my logic is:

  1. grab user/pass textdfield values from my app
  2. query the database and GET users WHERE username=‘myuser’ (if I try to query password field the database gives me a forbidden error)
  3. if you find an user, match the pass textfield (of the app) value with returned user’s.password field, but it no works because it has not a password field (is null)

I hope I’ve been more clear this time eheh, sorry and thanks for patience.

I’m sure I am misunderstanding something: I’ve noticed that if I try to login using rest console (with LOGIN USER) with username/password of my registered user, I’m able to login IN THE REST CONSOLE!

You don’t need to search manually matching user’s name and password.

Please, take a look at our documentation for more info on how our login works.
Basically, user just pass his username/email and password, and our system makes all the work for you. If user pass wrong password or username, the response will be an error with the appropriate error message. And if user login is successful, he will be able to make requests as an authenticated user.
Hope it answers your question.


Hi Stanislav,

I have realized that “System Users” are *users that can access my APIs", not “GAMERS” in my app :slight_smile:

That solves my question. Thanks!