Reputation: 73005
I've got a collection of users stored in the default App Services /Users collection.
Out of the box, to create a user, you only need to collect the following data:
{
"username" : "john.doe",
"email" : "[email protected]",
"name" : "John Doe",
"password" : "test1234"
}
Name and email aren't exceptionally sensitive (albeit still should be properly secured), but if I wanted to include address, date of birth, mother's maiden name, etc., this data would become significantly more sensitive.
Luckily /users data isn't available without authenticating, but it is if I request an access_token and log in.
Of course one could easily design a front-end that obscures sensitive bits, hiding it from view. But looking at the underlying endpoint, it wouldn't take much to capture my access_token and make an authenticated GET request to /{org}/{app}/users, thus seeing all of every user's personal information.
Is it possible, through roles and permissions or ownership, to limit segments of an entity only to self? (For example, the logged in user could access their entire user entity, but only limited segments of other user entities.)
If not, is there a different way to approach this predicament and secure sensitive information in user objects?
Upvotes: 0
Views: 160
Reputation: 531
Remus,
Unless you delete or modify the "Default" role, you cannot see one user's data with another user's token. So nothing to worry about there.
Also, as a matter of good practice, you should make sure you are sending the OAuth token in the header, rather than in the query string (e.g. don't do ?access_token='').
Rod
Upvotes: 2
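As an added illustration of Rod's header-vs-query-string point (this is not code from the thread, nor from Apigee or Usergrid): the request built with the token in the Authorization header, the discouraged ?access_token= form next to it, and a small check that scans access-log lines for tokens that did end up in URLs. The org/app path, the token values and the log lines are constructed placeholders.

```javascript
// Added example, not code from the thread or from Apigee/Usergrid: the request
// form Rod recommends (token in the Authorization header, never in the URL) next
// to a small check that finds tokens that did end up in URLs, e.g. in access logs.
// The org/app path, the token values and the log lines are constructed placeholders.

const BASE_URL = "https://api.usergrid.com/my-org/my-app"; // assumed org/app

// Recommended form: the bearer token travels only in a header, so it does not
// land in browser history, Referer headers or web-server access logs.
function buildAuthorizedRequest(path, token) {
  return {
    url: BASE_URL + path,
    method: "GET",
    headers: { Authorization: "Bearer " + token },
  };
}

// Discouraged form from the answer above (?access_token=...), kept only so the
// detector below has something to catch.
function buildQueryStringRequest(path, token) {
  return {
    url: BASE_URL + path + "?access_token=" + encodeURIComponent(token),
    method: "GET",
    headers: {},
  };
}

// True if a URL carries an access token in its query string or fragment.
function urlLeaksToken(url) {
  const u = new URL(url);
  return u.searchParams.has("access_token") || /access_token=/.test(u.hash);
}

// Scan access-log lines for requests whose URL carried ?access_token=... and
// return each hit with the token value redacted, so the report itself is safe to share.
function findLeakedTokens(logLines) {
  const findings = [];
  for (const line of logLines) {
    const m = line.match(/"(?:GET|POST|PUT|DELETE) (\S+) HTTP\/[\d.]+"/);
    if (!m) continue;
    // The base URL only serves to resolve the relative request path.
    const u = new URL(m[1], "https://placeholder.invalid");
    if (!u.searchParams.has("access_token")) continue;
    findings.push({
      path: u.pathname,
      line: line.replace(/access_token=[^&\s"]+/, "access_token=[REDACTED]"),
    });
  }
  return findings;
}

// Constructed sample log lines (not real traffic).
const SAMPLE_LOG = [
  '203.0.113.5 - - [10/Oct/2013:13:55:36 +0000] "GET /my-org/my-app/users?access_token=abc123&limit=10 HTTP/1.1" 200 512',
  '203.0.113.5 - - [10/Oct/2013:13:55:40 +0000] "GET /my-org/my-app/users HTTP/1.1" 200 512',
  '198.51.100.7 - - [10/Oct/2013:13:56:02 +0000] "POST /my-org/my-app/token HTTP/1.1" 200 98',
];

console.log(buildAuthorizedRequest("/users", "abc123"));
console.log(JSON.stringify(findLeakedTokens(SAMPLE_LOG), null, 2));
```

Running the scanner over your own gateway or proxy logs is a quick way to confirm that no client is still using the query-string form after you switch to the header.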
Reputation: 1208
I would suggest that you put App Services behind API Services (Apigee Gateway) then rewrite the payload.
Basically (although it takes a few more steps than I'm going to be able to put into a short response) you would do the following:
1) Create a proxy in API Services to your usergrid.com target (https://api.usergrid.com/{yourorg}/{your app})
2) Create a /users resource.
3) Either use a JavaScript callout to rewrite the payload with only the elements you want to expose, or use the ExtractVariables policy to pull the specific elements you want to expose and the AssignMessage policy to Set a new Payload with only the response you want to expose.
Upvotes: 1
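As an added example of step 3 (not code from the thread, nor Apigee's or Usergrid's own): the field-filtering a JavaScript callout could apply to a /users response before it leaves the proxy, written in ES5 so it runs both in Node and in the gateway's JavaScript policy. It keeps the caller's own entity whole and reduces every other entity to an allow-list, which is the "self sees everything, others see a subset" behaviour the question asks for. The response shape ({ entities: [...] } with a uuid per entity), the allow-list, the sample data and the caller.uuid flow variable are assumptions.

```javascript
// Added example, not code from the thread or from Apigee/Usergrid: the
// field-filtering step 3 describes, written as a plain ES5 function so it runs
// in Node and can be dropped into an Apigee JavaScript callout. The response
// shape ({ entities: [...] } with a uuid per entity), the allow-list and the
// "caller.uuid" flow variable are assumptions.

// Fields any authenticated caller may see on another user's entity (assumed allow-list).
var PUBLIC_FIELDS = ["uuid", "type", "username", "name"];

// Return a copy of the /users response in which the caller's own entity is
// untouched and every other entity is reduced to the allow-listed fields.
// Bodies without an entities array are passed through unchanged.
function redactUsersResponse(body, callerUuid, allowedFields) {
  var allowed = allowedFields || PUBLIC_FIELDS;
  if (!body || !Array.isArray(body.entities)) return body;

  var entities = body.entities.map(function (entity) {
    if (entity.uuid === callerUuid) return entity; // self: entire entity
    var projected = {};
    allowed.forEach(function (field) {
      if (Object.prototype.hasOwnProperty.call(entity, field)) {
        projected[field] = entity[field];
      }
    });
    return projected;
  });

  // Shallow-copy the envelope (action, count, ...) and swap in the projected list.
  var out = {};
  for (var key in body) {
    if (Object.prototype.hasOwnProperty.call(body, key)) out[key] = body[key];
  }
  out.entities = entities;
  return out;
}

// Constructed sample response (not real data) carrying the sensitive fields
// the question mentions.
var SAMPLE_RESPONSE = {
  action: "get",
  count: 2,
  entities: [
    { uuid: "11111111-1111-1111-1111-111111111111", type: "user", username: "john.doe",
      name: "John Doe", email: "john.doe@example.com", address: "1 Main St",
      dateOfBirth: "1980-01-01", mothersMaidenName: "Smith" },
    { uuid: "22222222-2222-2222-2222-222222222222", type: "user", username: "jane.roe",
      name: "Jane Roe", email: "jane.roe@example.com", address: "2 High St",
      dateOfBirth: "1985-05-05", mothersMaidenName: "Jones" }
  ]
};

// Apigee wiring: inside the gateway `context` exists; elsewhere this branch is skipped.
// "caller.uuid" is assumed to have been set by an earlier policy in the flow
// (for instance an ExtractVariables step over the token-introspection result).
if (typeof context !== "undefined") {
  var responseBody = JSON.parse(context.getVariable("response.content"));
  var callerUuid = context.getVariable("caller.uuid");
  context.setVariable("response.content",
    JSON.stringify(redactUsersResponse(responseBody, callerUuid)));
}

console.log(JSON.stringify(
  redactUsersResponse(SAMPLE_RESPONSE, "11111111-1111-1111-1111-111111111111"), null, 2));
```

The same allow-list approach is what you would encode in ExtractVariables plus AssignMessage if you prefer policies to script; the callout just keeps the "own record vs. everyone else" branching in one place.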