In this tutorial, you learn how to make your application's pages public or private when working in the Data API's Playground, based on a setting in My Betty Blocks.
Sam van de Kreeke
Published: 12-06-2020
Last updated: 27-08-2020
Applications are public by default, meaning that everyone (with the right authorization) can view data via Pages or directly via the Data API. Next to this public mode, applications can also be used in private mode. This page explains what private mode means, when you can use it and how you can use it.
Applications can be used in one of two modes: public or private.
Public applications are the default, where end-users can interact with data via Pages or via the Data API. Access to data is managed by model permissions only.
Private
applications follow the same rules as public applications, with one addition: only Builders can interact with data. So, data is only available when someone authenticated as a Builder. Builders are members of an application and can be managed via My
BB.
When building a new application, you want to focus on just that: building the main framework of the application, set-up your data models, filling the back office with data, etc. More advanced topics like role-based model permissions should not be part of this first phase of an application’s life. Or in other words: you don’t want to worry about accidentally exposing sensitive data to the public because some model permissions are not set (correctly).
When an application is in private mode, only Builders you assigned to the application can interact with the data. While model permissions are still applied as normal, the check on authentication as a Builder provides an extra safety net for your data.
The application private mode can be used via two steps. First, you have to enable the private mode via My Betty Blocs. Second, you can use your application in private mode via Pages or directly communicate with the Data API via the GraphQL Playground.
{ "errors": [ { "extensions": { "redirect": "<URL>", "statusCode": 401 }, "message": "Unauthorized" } ] }
And that's how to use the public/private setting of your application in the Playground!