Verify user inside custom event

Hello, I have a question regarding the custom events that can be made in the business logic:
Is it possible to find out which user is triggering the event? for example, if the event was triggered from an Android client, can I know if the user is logged in? or anonymous? However if it is not a built in feature, lets assume that I added the ‘BackendlessUser’ object in the arguments that are about to trigger the event. Is it possible to check , in the backend side, if that ‘BackendlessUser’ object is a real existing user with valid token?

Here is an example:

Let’s say this is code is running on my Android client:

HashMap args = new HashMap(); 
args.put( "currentUser", Backendless.CurrentUser() );
Backendless.Events.dispatch( "my_event", args, new AsyncCallback<Map>()
     public void handleResponse( Map result )
              System.out.println( "received result " + result ); 
      public void handleFault( BackendlessFault backendlessFault )
           System.out.println( "got error " + backendlessFault.toString()

Where in the backend I would have:

@BackendlessEvent( "my_event")
public class FooEventHandler extends CustomEventHandler
      public Map handleEvent( RunnerContext context, Map eventArgs )
           // add your code here
            BackendlessUser user = (BackendlessUser) eventArgs.get("currentUser");
            //TODO: Validate user
           return Collections.emptyMap(); 

Now the real question here, is how do I validate the user in the backend. The reason I am asking this is for security, where I don’t want someone to somehow find the API keys of the app, and will simply be able to make anonymous API requests, so validating the user before preforming any changes is necessary.

Take a look at the RunnerContext argument passed into your event. The “context” object has the following method:

public String getUserId()

The method will return objectId of the user logged in on the client side. There’s also another useful method:

public List<String> getUserRoles()

That’s a collection of roles the logged in user belongs to.Regards,