Version 1.5 of the DreamFactory Services Platform (DSP) introduces some incredibly powerful new features for mobile enterprise application development including Lookup Keys, Server-Side Filters, Server-Side Events, and Server-Side Scripting. I am really excited to be writing about all of these new features, starting with some of the interesting use cases for Lookup Keys. We have implemented this feature to provide a secure way to store external credentials and other information inside the DSP. Now individual users and roles can be connected to the corresponding user or role in an external SQL or NoSQL database. Here is a more detailed discussion of this exciting new capability, below.
The DSP administrator can create any number of “key value” pairs attached to a user, a role, or the DSP itself. The key names can be used in a variety of DSP interfaces, and the key values are automatically substituted on the server. For example, key names can be used in the username and password fields required to hook up a SQL or NoSQL database. They can also be used in Email Templates or as parameters for external REST services. Any Lookup Key can be marked as private, and in this case the key value is securely encrypted on the server and is no longer accessible through the platform interface.
Storage of Master Credentials
One simple yet important use of Lookup Keys is to hide the master credentials required for integration with an external system. For example, if you are using Amazon S3 then you will have an Access Key and Secret Key provided by AWS. Both of these values could be saved as private DSP Lookup Keys. Then you can use the key names in place of the actual credentials in the Admin Console. Later, if you wanted to connect to another Amazon service like Dynamo DB, you could just reuse the same key names. In this manner, your secret keys are encrypted and only used on the server-side for authentication with an external system. Private keys must be used for credentials and passwords and cannot be used elsewhere.
Credentials By Role
The Admin Console can add Lookup Keys to any user role. This allows you to “tag” a role with information about an external database. For example, let’s say you have a legacy SQL database set up with different access rights for marketing, sales, and support. You want to build a mobile application that uses this data, but mobile users must have the same access rights as other employees. First, create a Lookup Key for each user role that has the correct credentials. Next, use these key names in the username and password fields when you set up authentication. Now users of your mobile application will be automatically mapped to the corresponding role in the external database!
Credentials By User
You can add Lookup Keys to the user, the role, or the DSP itself. The key names are matched in that order. This hierarchy makes custom use cases easy to implement. In the example above, you added Lookup Keys to various roles. If you add the same keys to a specific user, then that person would have special access rights, because user keys are matched before role keys. Or you could bypass roles altogether, and just match all of the users in your mobile application to the corresponding users in a legacy database. The match could happen by email, user id, name, or whatever criteria work best with your data. This can all be set up in the Admin Console or through the REST interface as an automated process.
DreamFactory provides some “automatic” Lookup Keys that are always available. These keys include information from the current user session. User information includes the current user id, email address, and name. The current role id and name are available, and the current DSP name and session ticket are also provided. These automatic Lookup Keys simplify many use case scenarios. For example, connecting a user by email address in an external database is easy. There is no need to create an email Lookup Key for each user.
Lookup Keys can be used as URL parameters to call web services. This allows any type of information attached to a user or role to be used for integration. For example, the current session ticket could be used by an external service that needs to communicate with the DSP. The Lookup Keys can also be included in Email Templates, providing a simple way to reference user names. They can also be used in the Email Service, so that users can automatically send mail from their personal address. Lastly, Lookup Keys can be used in Server-Side Filters. This use case is discussed in my next blog post.
So there you have it. Lookup Keys are an important part of the new DSP feature set. Up next, we present some mind-blowing examples of how Lookup Keys enable Server-Side Filters. After that, Server-Side Events and Server-Side Scripting are covered in depth. All in all, these capabilities represent a huge leap forward in enterprise security and data segmentation for our open source platform.
Learn more at: www.dreamfactory.com
Download now at: bitnami.com/stack/dreamfactory