How to host a custom API with Back4App Parse for machine learning purposes and keep it secure?


mrin...@gmail.com

Feb 3, 2018, 11:47:15 PM
to Back4App
Hi,
I am building an Android app and am already using Back4App Parse as the data store. My requirement is to host a custom API for use by a machine learning module. I know I can use Cloud Code, but I want to use Python or C# for the module. Also, the user will need to be logged in. So my questions and doubts are:

1. What are the possible ways I can keep my API secure? I thought of validating the logged-in user using the session ID, but I guess that will take up 1 request each time the user makes a request. Or is there any other way to validate without making a request? Or is any other approach possible?

2. Can I hit the Mongo server directly without using the Parse SDK for the machine learning module? I might be using Python for machine learning, and since there is no official SDK for it, I was looking to use any Mongo client for Python and use it to retrieve the data from the database directly. Is it possible?

Please help.

Thank you.

mrin...@gmail.com

Feb 6, 2018, 10:17:42 PM
to Back4App
Will calling /sessions/me from the backend be considered as one request?

nat...@back4app.com

Feb 8, 2018, 9:51:35 AM
to Back4App
Hi, 

It is really helpful to send the details!
In your case, for security we recommend taking a look at Security; in this case there are some points related to the guide from Parse Server, like:
  1. Protect your master key
  2. Use https to make connections
  3. Validate data sent by users
  4. Don’t let users have access to sensitive data from others
  5. Require authentication
For .NET, you can follow the guide from Parse Server, and for the Python case, you can use the REST API.

Following up on the questions about requests and API calls:
  1. Query – Is a request to get information from a database.
  2. API Request – Is a query to our database.
  3. API Requests / Second – Total of unique requests to your application per second.
Examples: 
Queries, cloud functions calls, HTTP requests,  push notifications, saves, logins... 

Regards,
Natália.

mrin...@gmail.com

Feb 8, 2018, 3:08:19 PM
to Back4App
Thanks for the reply.

1. I am protecting the master key, as the key is on the server.
2. Will use HTTPS. Thanks for pointing this out.
3. OK, already on it.
4. Will use ACLs.
5. OK, already required.

But the questions I am asking are:

1. Will calling /sessions/me from the backend be considered as one request?
2. Can I hit the Mongo server directly without using Parse SDK using any Mongo client?

Please help. Thanks.

nat...@back4app.com

Feb 9, 2018, 7:31:55 AM
to Back4App
Hi,

Thank you for receiving the suggestion.
About your questions:
  1.  Yes, it will be considered as one request.
  2.  You need to use a Parse SDK to connect to Back4App.
If you need any other help, feel free to contact us!

Regards,
Natália.

 

mrin...@gmail.com

Feb 9, 2018, 7:59:22 AM
to Back4App
Ok thank you for the answers.

Is there any way to check the validity of the session ID (via network call or without it) without consuming 1 API request?
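
One way for the custom Python backend discussed in this thread to validate a session with `/sessions/me` while making that call at most once per token per TTL window. This is an added example, not part of the original posts or Back4App's own code. The endpoint URL, the 60-second TTL and the names `fetch_session` and `SessionValidator` are assumptions; a cached session stays accepted until its entry expires, even after the user logs out.

```python
import hashlib
import json
import time
import urllib.error
import urllib.request

# Assumption: the app uses Back4App's hosted Parse REST endpoint.
PARSE_SESSION_URL = "https://parseapi.back4app.com/sessions/me"

def fetch_session(token, app_id, rest_key, url=PARSE_SESSION_URL):
    """One REST call (counts as one API request). Returns the session dict or None."""
    req = urllib.request.Request(url, headers={
        "X-Parse-Application-Id": app_id,
        "X-Parse-REST-API-Key": rest_key,   # REST key only; the master key is not needed
        "X-Parse-Session-Token": token,
    })
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return json.load(resp)
    except urllib.error.HTTPError:
        return None  # an invalid or expired token comes back as an HTTP error

class SessionValidator:
    """Caches successful validations for a short TTL, keyed by a hash of the token."""
    def __init__(self, fetch, ttl=60, clock=time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, ttl, clock
        self._cache = {}  # sha256(token) -> (user objectId, cache deadline)

    @staticmethod
    def _key(token):
        # Store a digest so raw session tokens never sit in the cache.
        return hashlib.sha256(token.encode()).hexdigest()

    def user_for(self, token):
        """Return the user's objectId for a valid session token, else None."""
        if not token:
            return None
        key, now = self._key(token), self._clock()
        hit = self._cache.get(key)
        if hit and hit[1] > now:
            return hit[0]                      # served from cache: no API request
        self._cache.pop(key, None)
        session = self._fetch(token) or {}
        user_id = (session.get("user") or {}).get("objectId")
        if user_id is not None:                # failures are never cached
            self._cache[key] = (user_id, now + self._ttl)
        return user_id

    def forget(self, token):
        """Drop a token from the cache, e.g. when the backend sees a logout."""
        self._cache.pop(self._key(token), None)
```

In the backend, construct it once with the real fetcher, for example `SessionValidator(lambda t: fetch_session(t, APP_ID, REST_KEY))`, where `APP_ID` and `REST_KEY` are placeholders for the app's own keys.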

mrin...@gmail.com

Feb 19, 2018, 4:17:43 AM
to Back4App
Hi,

First of all, I am able to hit the MongoDB database from a custom client using any MongoDB SDK. All I needed was the Mongo URI from the settings.
Secondly, to run custom logic on a server, the way I found to be really helpful is to use a webhook.

Thank you.