Hi, I have two use cases that I’d like to test, and I’m wondering what the “Best Practices” are on Backendless for these:
Use Case 1: Backendless Timer (in Custom Business Logic) calling a Backendless Node.js REST API script (in Files/web/scripts). Because Node.js scripts by default are apparently open to the web, one needs to use the User and Roles system to restrict access in some fashion. One way would be to create a special user, but presumably the Timer would need to login each time as that user to get a user-token, present that to the REST API, and then the REST API would have to authenticate that token.
Is there a better way to do this if the Timer and Node.js scripts are both in the same application?
Use Case 2: Backendless Node.js script accessing the Backendless Data service for administrative purposes (such as to run a script that collects stats). In this case, just to be general we don’t assume the Node.js script and Data service are part of the same app or even in the same Backendless instance. Later we could have Node.js apps running on another platform also accessing the Backendless Data service in a Backendless application. One could again create a special admininstrative user and have the Node.js script log in to Backendless, but that doesn’t seem like the best approach.
What is the preferred way to do this the Node.js application and the Backendless Data service are NOT in the same application or the Node.js application isn’t even on Backendless?
Thanks very much for any insights on these questions.