How to use the application's Private and Public option for the Data API in the Playground

In this tutorial, you learn how to make your application's pages public or private when working in the Data API's Playground, based on a setting in My Betty Blocks.

Private mode

Applications are public by default, meaning that everyone (with the right authorization) can view data via Pages or directly via the Data API. Next to this public mode, applications can also be used in private mode. This page explains what private mode means, when you can use it and how you can use it.

What is it?

Applications can be used in one of two modes: public or private.
Public applications are the default, where end-users can interact with data via Pages or via the Data API. Access to data is managed by model permissions only.
Private applications follow the same rules as public applications, with one addition: only Builders can interact with data. So, data is only available when someone authenticated as a Builder. Builders are members of an application and can be managed via My BB.

When can I use it?

When building a new application, you want to focus on just that: building the main framework of the application, set-up your data models, filling the back office with data, etc. More advanced topics like role-based model permissions should not be part of this first phase of an application’s life. Or in other words: you don’t want to worry about accidentally exposing sensitive data to the public because some model permissions are not set (correctly).

When an application is in private mode, only Builders you assigned to the application can interact with the data. While model permissions are still applied as normal, the check on authentication as a Builder provides an extra safety net for your data.

How can I use it?

The application private mode can be used via two steps. First, you have to enable the private mode via My Betty Blocs. Second, you can use your application in private mode via Pages or directly communicate with the Data API via the GraphQL Playground.

Enable private mode

  • Go to My Betty Blocks via https://my.bettyblocks.com/
  • Open the configuration page for your application by clicking on the Applications button in the left sidebar and then search for your application.
  • Click the three-dotted button and then click on Settings.
  • Scroll down to the Advanced section and flip the switch for Private mode.

Use with GraphQL Playground

  • Make sure private mode is enabled for your application.
  • Open the GraphQL Playground of your application via `https://< betty-application-identifier >.betty.app/api/runtime/< betty_application_id >`.
  • Use the login mutation to authenticate yourself with the Data API. Check the Getting Started page of the Data API to see how to do this.
  • The login mutation responds with a message of the following format:
{
  "errors": [
    {
      "extensions": {
        "redirect": "<URL>",
        "statusCode": 401
      },
      "message": "Unauthorized"
    }
  ]
}
  • You can use the URL to redirect yourself to the login form where you can authenticate yourself as a Builder. To let the authentication service know where it should redirect you to after logging in, add the following parameter at the end of the URL: `&state=` , where redirect URL can be any URL. For example `&state=https://www.google.com`
  • Open the full URL (including the state parameter). This redirects you to the login page.
  • Enter your credentials and click on the Log in button. You will be redirected to the URL you provided for the state parameter.

And that's how to use the public/private setting of your application in the Playground!