Is there a ReadOnly REST API key for the MongoLab database, or is it always ReadWrite

Question

Is there a ReadOnly REST API key for the MongoLab database, or is it always ReadWrite

In MongoLab, you create an API key, and then any user can access your database using the REST API.

A common case is to use REST api directly from Ajax clients.

But this gives any user full access to the record in your database, which is a security hole.

Is there a way to generate an API key that will ONLY give access only to the database

+7

rest mlab

tzador Jun 28 '12 at 17:45

source share

1 answer

jared · Accepted Answer · 2012-06-29T04:54:37+0000

Currently, all API keys have read and write access to the databases associated with the user account. If you need to open a read-only API, we recommend creating your own using one of the many infrastructures available as Express or Sinatra.

Is there a ReadOnly REST API key for the MongoLab database, or is it always ReadWrite

More articles: