I want to build a small application where I enter data into backendless and I will write a front-end react application that will search and display content from this read only dataset.
My guess is that it is NOT a good idea to have the API Key and Application ID coded into the javascript client… What is the right way to do this?
Hi Jeevan,
application id and API key are not meant to be secret. Security of your data should be enabled by establishing a security policy for the users and roles of your app. You can read about it at:
https://backendless.com/docs/rest/users_global_permissions.html
https://backendless.com/docs/rest/users_asset_container_permissions.html
https://backendless.com/docs/rest/users_asset_permissions.html
https://backendless.com/docs/rest/data_security.html
To make data read-only, you’d need deny the “Write”, “Update” and “Delete” permissions for your data tables for the roles that should not have the ability to change data.
Regards,
Mark