simple online nosql database database with REST API and MongoDB queries
  • Features
  • Docs
  • Blog
  • Templates
  • Pricing
  • Contact
  • Sign Up
  • Log In

Blog

 The latest news and articles about restdb.io  

Database templates!
Don't forget to visit our template catalog! It's the fastest way to get up and running with a restdb.io database. View templates »

Scoped REST-calls directly from web-pages using CORS

by Knut Martin Tornes
|
API|
  • Share on Facebook
  • Tweet
  • Add to Pocket
  • Share on LinkedIn
  • Send email
Nowadays, most web services offers some form of API-keys to access and update data programmatically. But there's usually a little catch: API-keys are full access and thus only usable from server to server. Some services has started to offer OAuth-access, but that involves some sort of authentication first.

In addition to a full-access API-key, restdb.io lets you add multiple keys with CORS-support. CORS enables javascript-calls directly from a web-page to a server other than the server hosting the page. 
In the "manage" pages of a database, we select the "API" tab to set up API-keys.
In this example we have added two additional API-keys:
  • One readonly (GET) key with access to /customers/** (meaning customers and all sub-urls). Only allowed from the jazzbank.com site.
  • One update only (POST) key with access to a specific customers "notes" collection. Access from anywhere. Using this key, programmers can add note objects to this customer only.
The image below shows the dialog for creating the API-key for customers


Example code

After creating you secure API-key, set up a global AJAX filter:
$.ajaxPrefilter(function( options ) {
  if ( !options.beforeSend) {
    options.beforeSend = function (xhr) { 
      xhr.setRequestHeader('x-apikey', '569a2b87566759cf4b984a50');
    }
  }
});
Now you can run database queries from your code to do cool stuff in your application. The example below fetches a contact list sorted by name in reverse order:
$.getJSON('https://rdb-simpledb.restdb.io/rest/customers?max=5&sort=name&dir=-1', function(data){
  $.each(data, function(key, item){
    $('#content').append(makeHtmlItem(item));
    ... more cool stuff here
  });
});
We hope we have given you an idea of the flexibility of this approach to API-keys. 

Read more in the docs here: https://restdb.io/docs/apikeys-and-cors
  • Share on Facebook
  • Tweet
  • Add to Pocket
  • Share on LinkedIn
  • Send email

All Posts


Search

Topics

  • API
  • Authentication
  • Case study
  • Features
  • Howto
  • Integrations
  • Newsletter
  • Productivity
  • Prototyping
  • Tutorials
  • User

restdb.io is a fast and simple NoSQL cloud database service. With restdb.io you get schema, relations, REST API and an efficient multi-user admin UI for working with data.

Our customers use it for backends, business databases, API-first CMS, data collection and much more. It is easy to get started with the free development plan.

Start Building »

  • Site Links
  • Home Page
  • About Us
  • Contact
  • Blog
  • Templates Catalog
  • Cloud Service
  • Features
  • Pricing
  • Terms & Conditions
  • Privacy Policy
  • Sign Up »
  • Documentation
  • Overview
  • Getting Started
  • Coding against the API
  • Utils
  • Security and Admin
© 2025 restdb.io