FatFractal customer forums



Author Topic: Prevent direct resource API access; server ext only API.  (Read 1883 times)

shaun.etherton

Prevent direct resource API access; server ext only API.
« on: March 25, 2014, 11:56:23 AM »
Hi

Wondering if it's possible to prevent direct access to resources, e.g.:

Prevent this:
  https://domain.fatfractal.com/appname/ff/resources/Horse/(name eq 'Mr Ed')

Only allow requests like:
  https://domain.fatfractal.com/appname/ff/ext/Horse?name=Mr%20Ed

Regards,
Shaun

jonnycools

Re: Prevent direct resource API access; server ext only API.
« Reply #1 on: March 25, 2014, 12:15:37 PM »
You can declare the collection as PRIVATE and only server side code can interact with it.

CREATE PRIVATE COLLECTION /Name

So no requests to that URL will go through.

gkc

Re: Prevent direct resource API access; server ext only API.
« Reply #2 on: March 25, 2014, 12:26:40 PM »
Server-extension-only API: Thanks @jonnycools for answering that one, that's exactly right

Prevent direct resource API access - yes this is also supported - see AllowedGetPattern and DisallowedGetPattern here: https://fatfractal.com/prod/docs/reference/#security-parameters

Cheers,

- Gary
« Last Edit: March 25, 2014, 12:39:45 PM by gkc »

gkc

Re: Prevent direct resource API access; server ext only API.
« Reply #3 on: March 25, 2014, 12:31:02 PM »
PS The above only works for collection queries (i.e. /ff/resources/..... )

For server extensions the presumption is that your code will take care of whatever security wrap you need in terms of validating parameters etc.
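One way to do that parameter validation in the ext wrapper, as an added example that is not FatFractal's code nor code from this thread: the `Horse` collection is kept PRIVATE, and the extension only builds the `(name eq '...')` collection query after allowlisting the raw `name` value from `?name=`. The `horseExtHandler` shape and the injected `fetchFromCollection` callback are assumptions standing in for whatever the real extension entry point and collection lookup call are.

```javascript
// Added example (hypothetical): validation wrapper for a server extension
// that fronts a PRIVATE Horse collection. Not FatFractal's own API.

const NAME_MAX_LEN = 64;
// Allowlist for horse names. Quotes and parentheses are deliberately
// excluded so a value can never terminate or extend the query literal.
const NAME_PATTERN = /^[A-Za-z0-9 .\-]+$/;

function validateHorseName(raw) {
  if (typeof raw !== 'string') return { ok: false, error: 'name missing' };
  const name = raw.trim();
  if (name.length === 0 || name.length > NAME_MAX_LEN) {
    return { ok: false, error: 'name length out of range' };
  }
  if (!NAME_PATTERN.test(name)) {
    return { ok: false, error: 'name contains disallowed characters' };
  }
  return { ok: true, name };
}

// Builds the collection query path in the grammar shown in the thread,
// but only from a value that passed the allowlist.
function buildHorseQuery(raw) {
  const v = validateHorseName(raw);
  if (!v.ok) return v;
  return { ok: true, query: "/Horse/(name eq '" + v.name + "')" };
}

// Hypothetical extension handler: queryParams holds the decoded query
// string values; fetchFromCollection is the (assumed) server-side lookup
// that is the only code path allowed to touch the private collection.
function horseExtHandler(queryParams, fetchFromCollection) {
  const q = buildHorseQuery(queryParams.name);
  if (!q.ok) return { status: 400, body: { error: q.error } };
  return { status: 200, body: fetchFromCollection(q.query) };
}
```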

shaun.etherton

Re: Prevent direct resource API access; server ext only API.
« Reply #4 on: March 25, 2014, 06:28:32 PM »

Oh!  I did see that section but only skimmed through it at the time. Serves me right for reading through it at 2am, when I should have already gone to bed. :)

Thanks guys, that's perfect.

cheers,
