I’m new to dreamfactory.
I’m a little bit confused about dreamfactory authentication and authorization.
Here’s the issue I found:
I created a App named myApp, which is ‘File Storage’.
Then DF auto generate the stub of App with basic login feature and CRUD.
What confusing me are:
- CRUD api can be invoked even without user login
- Incorrect App name still work with API invoking, pls see below code:
var app_name = “myAp”;
window.authorizations.add(“X-DreamFactory-Application-Name”, new ApiKeyAuthorization(“X-DreamFactory-Application-Name”, app_name, “header”));
I’m using incorrect App name ‘myAp’ instead of ‘myApp’, but I’m managed to invoke the API with SDK as well…
I just figured out it is because of my admin session_id is working in the same browser window.
Same story happen to other poster.