
Authentication of external users

restdb.io provides an authentication system that secures access to your application. External users can sign up and log in to your application and get secure access to data and APIs.

Check out this simple example with complete code here. Also read this blog post for a complete To-Do application.

Auth0 authentication

restdb.io supports direct integration with the auth0.com authentication service. If you are new to Auth0, get started here: Auth0 quick start for single page applications

Set up clientID and clientSecret from Auth0

  1. Auth0: Create a new client in your Auth0 account
  2. Auth0: Pick framework (e.g. "Single Page Web Application"), then select your client framework, e.g. Javascript Single Page Application
  3. Auth0: Add allowed callback URLs, typically your application start URL.
  4. Restdb: Navigate to database Settings/Authentication. Enable the authentication checkbox and copy the Client ID and Client Secret.

Add users from Auth0 to your restdb.io database

An optional step for the Auth0 integration is to transfer signed-up users from Auth0 to your restdb.io database. The users can be added to the predefined collection "users", or you can create a new collection to store user data.

Create a new empty rule in Auth0 and add the following JavaScript code to the rule. This rule will add a user to the database at first login.

    function (user, context, callback) {
      // short-circuit if the user signed up already
      if (context.stats.loginsCount > 1) {
        console.log("seen user before");
        return callback(null, user, context);
      }
      var _ = require('lodash');
      var request = require("request");

      // subset of the login context stored alongside the user profile
      var small_context = {
        appName: context.clientName,
        userAgent: context.userAgent,
        ip: context.ip,
        connection: context.connection,
        strategy: context.connectionStrategy
      };

      var payload_to_restdb = _.extend({}, user, small_context);
      payload_to_restdb.roles = ["external", "somerole"];
      payload_to_restdb.active = true;
      // drop the incoming _id before creating the record
      delete payload_to_restdb._id;

      var options = {
        method: 'POST',
        url: 'https://<your_database_url_here>/rest/users',
        headers: {
          'cache-control': 'no-cache',
          // full-access key: keep it in this server-side rule, never in client-side code
          'x-apikey': '<your_fullaccess_api_key_here>',
          'content-type': 'application/json'
        },
        body: payload_to_restdb,
        json: true
      };

      console.log("Calling restdb.io");
      request(options, function (error, response, body) {
        // the rule has already returned at this point, so log the failure instead of throwing
        if (error) {
          console.log("restdb.io request failed: " + error);
          return;
        }
        console.log(body);
      });

      // don't wait for the restdb.io call to finish, return right away (the request will continue on the sandbox)
      callback(null, user, context);
    }

Authentication API

| HTTP verb | Resource | Functionality |
|-----------|----------|---------------|
| POST | https://<database>/auth/token | Request an API access token (e.g. { token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ…", iat: 1472191246, exp: 1472194846 }). The request body can be an access token ({"code": "your access code"}) or a valid API token that should be refreshed ({"refresh": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ…"}). |
| GET | https://<database>/auth/userinfo | Get data about a user. Returns email, displayname and image. |
| POST | https://<database>/auth/logout | Log out a user. Invalidates the login token; this token can no longer be used for API access. |
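
The token exchange and refresh against /auth/token, as an added example that is not restdb.io's own code: it builds either documented request body, validates the { token, iat, exp } response, and refreshes shortly before exp. It assumes iat and exp are Unix seconds (consistent with the sample response above); the function names, the 60-second margin and the injected fetchImpl are hypothetical.

```javascript
// Added example, not restdb.io code. Assumptions: iat/exp are Unix seconds;
// fetchImpl is any fetch-compatible function supplied by the caller.
const SKEW_SECONDS = 60; // refresh this long before exp (assumed margin)

// Build the POST /auth/token request for either documented body shape.
function buildTokenRequest(databaseUrl, grant) {
  const keys = Object.keys(grant);
  if (keys.length !== 1 || !['code', 'refresh'].includes(keys[0]) ||
      typeof grant[keys[0]] !== 'string' || grant[keys[0]] === '') {
    throw new TypeError('grant must be {code: "..."} or {refresh: "..."}');
  }
  const url = new URL('/auth/token', databaseUrl);
  // Access codes and tokens are credentials: refuse to send them in clear text.
  if (url.protocol !== 'https:') throw new Error('token endpoint must use https');
  return {
    url: url.href,
    options: {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify(grant)
    }
  };
}

// Validate the documented { token, iat, exp } response before trusting it.
function parseTokenResponse(body, nowSeconds) {
  const { token, iat, exp } = body || {};
  if (typeof token !== 'string' || !Number.isInteger(iat) || !Number.isInteger(exp)) {
    throw new Error('malformed token response');
  }
  if (exp <= iat || exp <= nowSeconds) throw new Error('token already expired');
  return { token, iat, exp };
}

// True when the session is within SKEW_SECONDS of its expiry (or past it).
function needsRefresh(session, nowSeconds) {
  return session.exp - nowSeconds <= SKEW_SECONDS;
}

// Return a usable session, refreshing via {"refresh": token} when close to exp.
async function currentSession(databaseUrl, session, fetchImpl, nowSeconds) {
  if (!needsRefresh(session, nowSeconds)) return session;
  const { url, options } = buildTokenRequest(databaseUrl, { refresh: session.token });
  const response = await fetchImpl(url, options);
  if (!response.ok) throw new Error('refresh failed: HTTP ' + response.status);
  return parseTokenResponse(await response.json(), nowSeconds);
}
```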