Use other key than Master Key for backend

Hi community!

So, I have a node backend that connects to the database via the sdk and right now it uses the master key to access/modify it as stated in the documentation. But of course that is a big security risk so I’m looking for alternatives but haven’t found one yet.

Hopefully you guys have a solution?

I’ve looked at roles, which would work fine but I’m not able to find how to ā€œlog-inā€ with the backend and it seems a bit overkill to log in each time I want to make an API call. (I would still be curious to see how that works if you guys have it working!)

What I was hoping to find was kind of api key that I can use to identify the backend and that can easily be revoked/renewed if compromised but that doesn’t seem to be possible right now?

Let me know!
Thanks :slight_smile:

you can use a cloud function that runs some specific code, and in that cloud function you can check your API key

or you can authenticate with username and password, (create a user, a role, add that role to tables)

Yes, as I was posting the question I was thinking of the username/password login with role and all.
It was just hidden under the ā€œEmail Authenticationā€ tab which I must have missed. I think I’ll go for that as it gives me more granular control over it.

As always,
thank you @cryptokid

1 Like