0

How can we password protect our Deployd data accessed via URL?
Currently our users' data is visible on oursite.com/users. How can we make it password protected so that only we,the site developers, can see our users' data via oursite.com/users? (This is my first API and Deployd app.) Many, many thanks!

I found the following, if any of these look like they would work: https://www.npmjs.com/package/dpd-curl-proxy https://www.npmjs.com/package/passport-oauth

H.I
  • 5
  • 5
  • Learn about authentication. dpd-curl-proxy is completely irrelevant. – SLaks Jul 06 '16 at 21:38
  • @SLaks Thanks for the reply! I did some research, and will continue. Would this be it? https://www.npmjs.com/package/dpd-token-auth – H.I Jul 06 '16 at 23:08
  • You will also need to check whether the user is authorized in your code. – SLaks Jul 07 '16 at 01:11

1 Answers1

0

  1. Try in your 'get' event

    if (!me)

    cancel('You donot have access');

This will restrict 'users' -resource from accessed without login.

  1. To restrict access to certain user group - Use roles. That will look like,

    if (!me && !me.Admin) cancel('You donot have access');

You can try MARS CMS https://github.com/moorthi07/MarsCMS as boilerplate to rapid learning or prototype. This covers lots of Deployd's features like authentication , authorization, REST calls, ngResource examples.

MPV
  • 337
  • 3
  • 10