Advanced API Security

By David Gyenes, Director of IT

Ninox is working on an advanced API security feature which is fantastic news for the Ninox Community! Controlling the “who” and the “what” is something we all desire. We will be able to create and order API keys to specific “Roles”. What does this mean exactly?

Most of you are already familiar with the roles in Ninox. We can create a role type and assign it to a user or multiple users. With this capability, we can control the group of people able to access a table or a field in a table. We can define whether or not a role is able to read, write, delete, or create content. These are the rules for APIs as well. Usually, API calls use these 4 functions: GET (read), POST (create), PUT (update), DELETE (delete). As you can see, these functions mirror the Ninox security privileges. The result is that if we define an API key to a role or multiple roles, only those functions will be available via API and the role is set in our Ninox Database.

 Let’s discuss this in a little more detail. We can set a role to access a database, we can restrict API keys to be able to access certain Databases and we can drill down to the next table level. We can control whether this API key will be able to read data out, create records or write data into the record. Not only can the record be set, but also, we can protect certain fields as well by setting the field with “display if” or “writable if” parameters.

Ninox may now enable us to control who accesses which database and what they are able to do in that database.

This is going to be a game changer!!!