Use other key than Master Key for backend

Moralis General
#1

Hi community!

So, I have a node backend that connects to the database via the sdk and right now it uses the master key to access/modify it as stated in the documentation. But of course that is a big security risk so Iā€™m looking for alternatives but havenā€™t found one yet.

Hopefully you guys have a solution?

Iā€™ve looked at roles, which would work fine but Iā€™m not able to find how to ā€œlog-inā€ with the backend and it seems a bit overkill to log in each time I want to make an API call. (I would still be curious to see how that works if you guys have it working!)

What I was hoping to find was kind of api key that I can use to identify the backend and that can easily be revoked/renewed if compromised but that doesnā€™t seem to be possible right now?

Let me know!
Thanks :slight_smile:

#2

you can use a cloud function that runs some specific code, and in that cloud function you can check your API key

or you can authenticate with username and password, (create a user, a role, add that role to tables)

#3

Yes, as I was posting the question I was thinking of the username/password login with role and all.
It was just hidden under the ā€œEmail Authenticationā€ tab which I must have missed. I think Iā€™ll go for that as it gives me more granular control over it.

As always,
thank you @cryptokid

1 Like