Redirect Notice
As of April 12th, you must go to Progress SupportLink to create new support cases or to access existing cases. Please, bookmark the SupportLink URL and use the new portal to contact the support team.
How can we help you today?
Is it possible to expose my backend as an API?
4 CommentsSorted by Oldest First
You'd want to use the REST api for that, right? What's holding you up specifically?
I'm not sure if the Kinvey Rest API would be the same for my API. For example, access should ideally be handled with secret tokens created on my APP. Or consider something like Gmail app specific passwords, if I have data that other people need to access on my behalf, then giving my credentials is very risky. In the same way that you don't give you user and pass for apps to use the Facebook API on your behave. This sort of things of how it's different to use an API from the browser as a user as opposed to using it from a server, made me present this question. In parse (sorry but I don't know how else to explain further) you'd host an Express app exposing the API as you desire and using the BaaS power within it, like a mixed solution that's way better than your own hosted API. This feature covers for all the limits of BaaS by letting you provide a solution, hosted and handled on the platform itself. Is it clear now the limits that I'm currently seeing? Please let me know if there something else I can add to make it better.
You could add collection hooks or rpc endpoints that will translate a secret token header created by your app into proper credentials in order to access the baas documents perhaps?
If tweaking access to data using the [Kinvey ACL](http://devcenter.kinvey.com/guides/security#Accesscontrol) is not sufficient for you, I’d recommend the following architecture:
1. Create a Node.js (Express) app which talks to the Kinvey REST API. You can use the [Node.js library](http://devcenter.kinvey.com/nodejs) for that.
2. Add an authentication layer to your Node.js app, which provides "app specific passwords".
3. Let the client (browser) authenticate against your auth layer added in 2. If successful, allow access to your API created in 1., which talks to your backend.
The browser will thus always connect to your own app, and you can do authentication appropriately, and expose your own REST API to the client.
1. Create a Node.js (Express) app which talks to the Kinvey REST API. You can use the [Node.js library](http://devcenter.kinvey.com/nodejs) for that.
2. Add an authentication layer to your Node.js app, which provides "app specific passwords".
3. Let the client (browser) authenticate against your auth layer added in 2. If successful, allow access to your API created in 1., which talks to your backend.
The browser will thus always connect to your own app, and you can do authentication appropriately, and expose your own REST API to the client.
David Pelaez T.