API key access for Users of an App


#1

Hi, I am building a webapp which permits developers to set up different data for their mobile apps. The developer might have say 5 apps on the go. I need them to be able to connect these mobile apps to access just the appropriate portion of the data for that app.

This sort of thing is often done elsewhere by generating an api key for each app that calls to the application. This api key is used to limit what data the app can access from within that users overall data in my webapp. This is how analytics packages like Flurry etc control access.

I see a similar functionality exists using email and password to authenticate mobile devices, is there a way to use some sort of generated api key instead for this purpose. I would need to be able to set and reset this key programatically not manually through the console.


#2

An app name (API key) is required for all calls, so there is no way (even as an admin) to call the API to create a new app key without providing an extant one in the original call. Of course to a user with admin authentication, app keys are manageable via the API calls just as they are in the admin console. Here are the API calls as seen in API Docs:

Of course, a user with “System Administrator” enabled will be able to change everything else on your instance of DreamFactory, too–including deleting the original app name he used to authenticate under.

In DreamFactory 2.0 there will be new app/role relational functionality with increased granularity of control to play with. I’m not sure if it will fit your entire use case, but I do recommend grabbing the 2.0 beta from our GitHub repository when it’s released (should be within a couple of weeks) and testing with it to see if we’re approaching your use case. Once you’ve done that, please do report back here with what’s good and what’s missing, and we will include your full use case for consideration in the full release of the 2.0 product.