By default, all the APIs that you create (or that are created by Canonic) are public. That means anyone who knows the API endpoints can easily read your data. We recommend creating auth tokens and changing the default permissions of your project to ensure that your APIs are secure.
Default Permissions
By default the APIs are public. To change the default permissions of your API:
- Open the project that you want to edit.
- Click on the settings icon on the left-hand side to open the project settings.
- Click on the Access Tokens tab on the left navigation.
- Change the default permissions by editing the default permissions field.
Types of permissions
Type | Description |
---|---|
CREATE | Allows creation of entries & data |
UPDATE | Allows updating entries |
READ | Allows reading single or multiple entries |
DELETE | Allows deletion of entries |
Creating Access Tokens
We recommend disabling all public access for your APIs and creating an authentication token with the permissions needed.
Example: When creating a website, you might want to create a READ-only access token so that your website can only read the data.
To create an access token:
- Open the Access Tokens page (Inside project settings).
- Click on the + Create a New Token to open the creation popup.
- Add a name and the permissions for that token and hit create.
- An authentication token will be generated ready for consumption.
Revoking Access Tokens
You can revoke an access token by clicking on the delete icon next to it. The token will be revoked immediately.
All applications using that token will no longer have access to any of your APIs.
Using Access Tokens
You can use access tokens by passing them in the header of each of your requests when accessing your APIs. The token will be validated and will only be able to access those APIs for which it has permissions.
Sample Curl Request
curl 'https://netflix-api.canonic.dev/movies' \
  --request GET \
  --header "Content-Type: application/json" \
  --header "Authorization: TOKEN_HERE"
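After disabling public access and issuing a scoped token, it is worth confirming both changes from the outside. The script below is an added example, not part of the original documentation: it checks that an anonymous request to one of your own endpoints is denied and that the token is accepted. `API_URL` and `API_TOKEN` are assumed environment variables, the header format `Authorization: <token>` and the 401/403 denial codes are assumptions, and the token is fed to curl through a config on stdin so it does not appear in the process list.

```shell
#!/bin/sh
# Added example: confirm an API rejects anonymous requests and accepts a token.
# API_URL / API_TOKEN are assumed environment variables (not from the docs).

# http_status URL [TOKEN] -> prints only the HTTP status code.
http_status() {
  if [ -n "${2:-}" ]; then
    # Pass the header via a curl config on stdin instead of argv,
    # so the token is not visible in `ps` output.
    printf 'header = "Authorization: %s"\n' "$2" |
      curl -K - -s -o /dev/null -w '%{http_code}' --max-time 10 "$1"
  else
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1"
  fi
}

# verdict ANON_STATUS TOKEN_STATUS -> prints a finding.
# Returns 0 if locked down and token works, 1 on a finding, 2 if unclear.
# Assumption: a denied request is answered with 401 or 403.
verdict() {
  case "$1" in
    2??) echo "FAIL: endpoint is public (anonymous request returned $1)"
         return 1 ;;
    401|403) ;;
    *)   echo "UNKNOWN: anonymous request returned $1"
         return 2 ;;
  esac
  case "$2" in
    2??) echo "OK: anonymous denied ($1), token accepted ($2)"
         return 0 ;;
    401|403) echo "FAIL: token rejected ($2); revoked or lacks READ"
         return 1 ;;
    *)   echo "UNKNOWN: token request returned $2"
         return 2 ;;
  esac
}

# Probe only when a target is configured, so the functions load offline.
if [ -n "${API_URL:-}" ] && [ -n "${API_TOKEN:-}" ]; then
  verdict "$(http_status "$API_URL")" "$(http_status "$API_URL" "$API_TOKEN")"
fi
```

Run it again after revoking a token: the second check should then report the token as rejected.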