Sounds like you need some sort of proxy or "API Gateway" between your app and Usergrid. We use a similar architecture for some Usergrid applications where I work (Apigee).
Dave On Mon, Jun 20, 2016 at 10:17 AM Thành Vũ Trung <[email protected]> wrote: > Hi Dave, > Thank you very much for your advise. That is a best solution with a admin > application but with a web application that guess user can get data from > some entities. I want to prevent somebody request my API from other > domain or mobile application... My english is not good, hope you can > understand and help me clear. > Thanks again for you support. > > On Mon, Jun 20, 2016 at 8:48 PM, Dave <[email protected]> wrote: > >> The Usergrid docs for securing your applications are here: >> http://usergrid.apache.org/docs/security-and-auth/app-security.html >> >> I would recommend that you create a Usergrid User entity for each of your >> applications users, then provide a login page in your application that >> posts to /{orgname}/{appname}/token to log the user in and obtain an access >> token. Store that access token in a cookie or local storage so that the >> user can remain logged in until they choose to log out. Also, use Usergrid >> Roles & Permissions to manage what paths your users are allowed to GET, >> PUT, POST, etc. to. >> >> Here's an HTML5 app that uses the above approach to log users in: >> https://github.com/snoopdave/usergrid-mobile/tree/v1 >> >> Hope that helps, >> Dave >> >> >> >> >> On Mon, Jun 20, 2016 at 6:30 AM Thành Vũ Trung <[email protected]> >> wrote: >> >>> Hi all, >>> I'm making a social app and use usergrid as a back-end api. What is best >>> solution to secure my html5 app? How to prevent somebody can get data via >>> usergrid API? >>> Thanks. >>> >>> >>> -- >>> *Thanh.* >>> >>> > > > -- > *Thanh Vu* > > *Information Technology Engineer* > *Mobile:* +84903298791 > *Skype:* v2t_nd |* Email:* [email protected] > >
