Cameron

Reputation: 661

Security for REST interface, backend using Parse

I am currently developing a mobile app that uses a REST interface to fetch and post data to and from the server. I changed each request to include a token from Parse that the server can verify. I am trying to implement HTTPS right now, but I am wondering what other security features I should include in my application to make sure the request is verified as coming from the correct user. Any resources on the subject would be much appreciated.

Upvotes: 0

Views: 51

Answers (1)

Cliffordwh

Reputation: 1430

Here is a list of some additional measures you can put in place.

  • Don’t write the master key in the source code of the clients. They don’t need it.
  • Use ACL in your code.
  • Use Parse Server 2.2.1 or above to enjoy CLP.
  • Set enableAnonymousUsers to false, which prevents anonymous calls to the API.
  • Modify the index.js file to use the Allow Client Class Creation option. Disable it at the production stage.

Over and above that, you can also make use of express-brute and other middleware packages. There are several packages on NPM that are dedicated to that.

Upvotes: 1
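
The settings listed in the answer above, written as a startup check that can refuse to boot a misconfigured server, plus an owner-only ACL in the JSON shape Parse stores on an object. This is an added example, not part of the original answer or of Parse Server; the helper names, the 32-character minimum and all sample values are assumptions made for illustration.

```javascript
// Added example. masterKey, enableAnonymousUsers and allowClientClassCreation
// are Parse Server options; the helper names and thresholds are hypothetical.
const MIN_KEY_LENGTH = 32; // assumed policy for this example, not a Parse rule

function auditParseOptions(options, nodeEnv) {
  const findings = [];
  // Require an explicit false: an unset option leaves the server default in force.
  if (options.enableAnonymousUsers !== false) {
    findings.push('enableAnonymousUsers');
  }
  // Client class creation is handy in development, disabled in production.
  if (nodeEnv === 'production' && options.allowClientClassCreation !== false) {
    findings.push('allowClientClassCreation');
  }
  if (typeof options.masterKey !== 'string' || options.masterKey.length < MIN_KEY_LENGTH) {
    findings.push('masterKey');
  }
  return findings;
}

// True if text shipped to clients (bundle, config file) contains the master key.
function clientLeaksMasterKey(clientSource, masterKey) {
  return Boolean(masterKey) && clientSource.includes(masterKey);
}

// ACL in the JSON shape Parse stores on an object: only the owner reads and writes.
function ownerOnlyAcl(userId, publicRead = false) {
  if (typeof userId !== 'string' || userId === '' || userId === '*') {
    throw new TypeError('userId must be a concrete user objectId');
  }
  const acl = { [userId]: { read: true, write: true } };
  if (publicRead) acl['*'] = { read: true };
  return acl;
}

// Constructed sample values, not real keys or ids.
const SAMPLE_KEY = 'constructed-sample-master-key-0123456789';
const weak = { appId: 'sampleApp', masterKey: 'short' };
const hardened = { appId: 'sampleApp', masterKey: SAMPLE_KEY,
  enableAnonymousUsers: false, allowClientClassCreation: false };

console.log(auditParseOptions(weak, 'production'));
console.log(auditParseOptions(hardened, 'production'));
console.log(JSON.stringify(ownerOnlyAcl('sampleUserId1')));
```

Run `auditParseOptions` on the options object before handing it to the server constructor and exit if it returns any findings; run `clientLeaksMasterKey` over built client artifacts in CI.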
