Javascript and User Authentication for the REST API

At Parse, our vision is that anything you can build with your own backend server, you should be able to do with Parse instead. We’ve been constantly impressed by the things developers have been building with the Parse REST API. In particular, a lot of developers use Parse not just to build mobile apps, but also to build mobile websites. To make this easier, we’re launching several improvements to the REST API today.

First, we’re launching support for cross-origin resource sharing, so that you can use Parse from Javascript that runs on any site. With the X-Parse-Application-Id and X-Parse-REST-API-Key headers, so that you can access Parse from Javascript on any domain. This works for all CORS-compatible browsers, which includes all Android and iOS browsers. Here’s some sample code to create a Message object with an XMLHttpRequest:

var xhr = new XMLHttpRequest();
xhr.open("POST", "https://api.parse.com/1/classes/Message", true);
xhr.setRequestHeader("X-Parse-Application-Id", "your application id");
xhr.setRequestHeader("X-Parse-REST-API-Key", "your REST API key");
xhr.setRequestHeader("Content-Type", "application/json");

xhr.onreadystatechange = function() {
  if (xhr.readyState == 4) {
    var result = JSON.parse(xhr.responseText);
    if (result.objectId) {
      alert("saved an object with id: " + result.objectId);
    }
  }
}
  
var data = JSON.stringify({ message: "Hello world!" });
xhr.send(data);

The REST API also now supports the same user-based security that the iOS and Android SDKs support, so that you can control access to user data. The user gets authenticated by passing the X-Parse-Session-Token header. This works using CORS from Javascript, as well as anywhere else you access the REST API. Read more about it in the REST API Users documentation. Parse is always backward-compatible, so code that uses older methods of authentication will still work.

We built these features because we heard from so many developers telling us that they would be useful. So please, keep in touch, let us know what you’re building and how we can make your life easier.

Thanks for using Parse!

Kevin Lacker
January 19, 2012
blog comments powered by Disqus

Archives

Categories

RSS Feed Follow us Like us