MongoDB
likejavascript, 2014-05-07 09:37:50

How is a secure mechanism for working with a REST API implemented, using MongoLab as an example?

I want to figure out how to implement secure interaction with the REST API server, following the example of MongoLab cloud hosting.
When registering a new account, a certain apiKey is issued, which is substituted in all requests to this service:

https://api.mongolab.com/api/1/databases?apiKey=<api-key>

I understand that this is some kind of public key in the encryption system, with which the client is identified? But how is it checked that this is the client who owns the site, because I can send the same request from a completely different site and, in theory, everything will also work?
In general, I’m interested in how and with what help similar REST API services are implemented (preferably on NodeJS), since there is a need to do something similar in my project. Maybe there are some ready-made examples / libraries for implementing such functionality?

2 answer(s)
Mikhail Osher, 2014-05-07
@miraage

Probably not. Exposing the key is at your own risk.
docs.mongolab.com/faq/#do_you_have_a_rest_api
As far as I understand, it is recommended to use drivers.
Personally, I would use their API for personal admin panels and the like, where only I will have access.

Petrusha Ukropov, 2014-05-07
@artishok

Domain binding.
When receiving an identifier, the user specifies the domain on which this identifier will be used. During any action, check which domain the request is coming from.
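
The domain-binding check from the answer above, as an added Node.js example (not part of the original thread and not MongoLab's code). The names `registry`, `findClient`, `authorize` and `handler`, the sample key and the sample origin are constructed for illustration; the key is read from the `apiKey` query parameter as in the question's URL.

```javascript
const crypto = require('node:crypto');

// Keep only a hash of each issued key, so a leaked table holds no usable keys.
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Constructed sample data: one key and the origin registered when it was issued.
const registry = [
  { keyHash: sha256('demo-key-1'), origin: 'https://shop.example' },
];

function findClient(apiKey) {
  const h = sha256(String(apiKey || ''));
  // Constant-time comparison of two 32-byte digests.
  return registry.find((c) => crypto.timingSafeEqual(c.keyHash, h)) || null;
}

// Decide on a request given its URL (key in ?apiKey=, as in the question)
// and its headers. Returns { status, reason }.
function authorize(requestUrl, headers) {
  const url = new URL(requestUrl, 'https://api.invalid');
  const client = findClient(url.searchParams.get('apiKey'));
  if (!client) return { status: 401, reason: 'unknown key' };

  // Browsers set Origin themselves and page script cannot change it; any
  // other HTTP client can send whatever value it likes. The check therefore
  // binds browser use of the key only, and the key stays a secret.
  const origin = headers['origin'];
  if (!origin) return { status: 403, reason: 'origin missing' };
  let normalized;
  try {
    normalized = new URL(origin).origin; // lowercases host, drops default port
  } catch {
    return { status: 403, reason: 'origin malformed' };
  }
  // Exact match: a prefix or substring test would accept
  // https://shop.example.evil.test
  if (normalized !== client.origin) return { status: 403, reason: 'origin mismatch' };
  return { status: 200, reason: 'ok' };
}

// Hypothetical wiring: http.createServer(handler)
function handler(req, res) {
  const { status, reason } = authorize(req.url, req.headers);
  res.writeHead(status, { 'Content-Type': 'application/json', Vary: 'Origin' });
  res.end(JSON.stringify({ reason }));
}
```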
