Hi Dave, Thank you very much for your advise. That is a best solution with a admin application but with a web application that guess user can get data from some entities. I want to prevent somebody request my API from other domain or mobile application... My english is not good, hope you can understand and help me clear. Thanks again for you support.
On Mon, Jun 20, 2016 at 8:48 PM, Dave <snoopd...@gmail.com> wrote: > The Usergrid docs for securing your applications are here: > http://usergrid.apache.org/docs/security-and-auth/app-security.html > > I would recommend that you create a Usergrid User entity for each of your > applications users, then provide a login page in your application that > posts to /{orgname}/{appname}/token to log the user in and obtain an access > token. Store that access token in a cookie or local storage so that the > user can remain logged in until they choose to log out. Also, use Usergrid > Roles & Permissions to manage what paths your users are allowed to GET, > PUT, POST, etc. to. > > Here's an HTML5 app that uses the above approach to log users in: > https://github.com/snoopdave/usergrid-mobile/tree/v1 > > Hope that helps, > Dave > > > > > On Mon, Jun 20, 2016 at 6:30 AM Thành Vũ Trung <v2tmobile...@gmail.com> > wrote: > >> Hi all, >> I'm making a social app and use usergrid as a back-end api. What is best >> solution to secure my html5 app? How to prevent somebody can get data via >> usergrid API? >> Thanks. >> >> >> -- >> *Thanh.* >> >> -- *Thanh Vu* *Information Technology Engineer* *Mobile:* +84903298791 *Skype:* v2t_nd |* Email:* v2tmobile...@gmail.com
