Secure Your App
You can create custom API Keys that are unique to your app, you can set them to be read-only, or have full read / write access
Passing JSON Web Tokens
If you don’t want to pass your API key every time then you can also pass an encrypted JSON web token.
This can be generated by passing the following POST query:
curl -X POST https://api.flybase.io/create-token/YOUR-API-KEY
This will return a JSON object with
id_result as the key, copy the contents of
id_result to use elsewhere.
Then you can pass the JSON token rather than your API key:
var flybase = new Flybase("token:MYJWTTOKEN", "web", "posts");
token: is seen, Flybase will assume this is a JWT token and will retrieve your API Key from inside that, this helps secure your API key if you decide you’d rather not share it.
Your white list rules are still followed for the API key you decide to include inside your token, so nothing changes aside from passing a token instead of an API key.
You can set a custom
secret to use for encrypting and decrypting tokens from your dashboard. You can also create tokens from there, by selecting an API Key and hitting
Whitelist Your Domain
For every API Key you create, you can whitelist your domain so that the key can only be used on domains you’ve authorized.
All Flybase apps have
127.0.0.1 enabled by default.
To add your domain, navigate to the Your APi Keys tab on your Flybase Dashboard and add your domain under the White Listsection of your API Keys.
Upgrade Your Flybase Plan
Our Starter Plan allows up to 100 simultaneous device connections, or simultaneous users on your application. If 100 devices are currently connected and a 101st device attempts to connect to your app, the API will throw an error and any additional connections will fail.
All of our paid plans have no simultaneous device connection limits and are recommended for production apps.