Securing a database

Here you'll learn how to secure your databases by defining whitelists and custom database API keys.


Defining a database whitelist

By default, your Read, Write and Master database keys can be used from any computer with Internet access. However, there might be situations where you want to strictly control which IP addresses or website domains can use these database keys for your API requests.

You can define a whitelist for a database when creating or editing it, through the Control Panel or the API.

Using the control panel

When creating or editing a database through the control panel, use the Database IP Address step to define the IPs (IPv4 or IPv6) or website domains that you want to add to this database's whitelist. Then finish the database creation or edition so that your whitelist is updated and applied.

Figure: Defining a whitelist for your databases

Using the API

In a database creation request (POST) or edition request (PUT) to the /database API endpoint, set the addresses-whitelist parameter to a list of IPs (IPv4 or IPv6) or site domains that you want to add to this database's whitelist. Then send your request and check that it was executed successfully.

Below is an example of how to do it during database creation. Check the API reference to learn how database creation and edition requests work.

curl -X POST https://api.slicingdice.com/v1/database \
    -H 'Authorization: TEAM_API_KEY' \
    -H 'Content-Type: application/json' \
    -d '{
        "database": {
            "name": "UsersDB",
            "description": "Database to store users data",
            "type": "test",
            "pricing-model": "pay-per-column",
            "labels": ["financialdb", "technicaldb"],
            "query-load": "normal",
            "insertion-load": "high",
            "cloud_provider": "ovh",
            "cloud_area": "global"
        },
        "addresses-whitelist": ["192.168.0.1", "192.168.0.2"]
    }'

Defining a database custom API key

Custom database keys are another way to secure your databases. A custom key can be configured to execute operations only on allowed columns of a given database (column-level security), to filter the data so that only what should be shown is returned (row-level security), and to be usable only from defined IPs and domains (whitelist).

You can define a custom database key while editing a database through the Control Panel, or by creating one through the /database/custom_key API endpoint.

Using the control panel

When creating or editing a database through the control panel, go to the Custom Database Keys step and click Create New Custom Key. Here you'll define the following parameters:

  • Key name: defines the custom key name (up to 80 characters, letters and numbers only)
  • Key permission level: defines the key permission level (Read, Write or Read-Write)
  • Key description: defines a description for this key
  • Columns to whitelist: defines the columns on which this custom database key is allowed to execute operations (column-level security)
  • IP addresses: defines a whitelist of IPs and domains that can use this custom key
  • Filters: defines filters to be applied to every query executed using this key (row-level security)

Figure: Defining a new custom database key for your database

After that, click on Save Custom Key and continue with the database creation or edition process.

Using the API

You can create a custom database key by sending a POST request to the /database/custom_key API endpoint with the parameters shown below.

Check the API reference to learn how the custom database key creation request and its parameters work.

curl -X POST https://api.slicingdice.com/v1/database/custom_key \
    -H 'Authorization: TEAM_API_KEY' \
    -H 'Content-Type: application/json' \
    -d '{
        "database-name": "UsersDB",
        "custom-database-key": {
            "key-name": "financial-key",
            "key-type": "read-only",
            "description": "Key to access just the financial information.",
            "columns-whitelist": {
                "buyers": [
                    "name",
                    "address",
                    "age"
                ],
                "products": [
                    "price",
                    "quantity"
                ]
            },
            "filter": {
                "stores": [{
                    "country": {
                        "equals": "USA"
                    }
                }]
            },
            "addresses-whitelist": ["203.0.113.123", "192.168.0.123"]
        }
    }'
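
A whitelist entry only restricts anything if it is a well-formed address that the API can actually see as the request's source. The following Python check is an added example, not SlicingDice code: it validates addresses-whitelist entries (for a database or a custom key) and builds the /database/custom_key body only when every entry passes. It assumes the API is reached over the public Internet and that a "website domain" is a plain DNS hostname; the function names and sample entries are constructed for illustration.

```python
import ipaddress
import json
import re

# Ranges that never appear as a source address on the public Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",  # CGNAT, loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10")]               # IPv6 equivalents

# Assumption: a "website domain" is a DNS hostname with an alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def check_whitelist(entries):
    """Split whitelist entries into (accepted, problems)."""
    accepted, problems = [], []
    for entry in entries:
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            if DOMAIN_RE.match(entry):
                accepted.append(entry.lower())
            else:
                problems.append((entry, "not an IPv4/IPv6 address or domain"))
            continue
        if any(ip in net for net in NON_ROUTABLE):
            problems.append((entry, "not routable on the Internet"))
        else:
            accepted.append(str(ip))  # normalised textual form
    return accepted, problems


def custom_key_body(database, key_name, key_type, columns, entries):
    """Build the /database/custom_key JSON body, refusing a bad whitelist."""
    accepted, problems = check_whitelist(entries)
    if problems:
        raise ValueError("fix whitelist entries: %r" % problems)
    return json.dumps({
        "database-name": database,
        "custom-database-key": {
            "key-name": key_name,
            "key-type": key_type,
            "columns-whitelist": columns,
            "addresses-whitelist": accepted,
        },
    })


# Constructed sample input: two usable entries, one private, one malformed.
SAMPLE = ["203.0.113.10", "app.example.com", "192.168.0.123", "198.51.100.300"]
```

The returned string can be passed to curl with -d in place of the hand-written JSON.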