Query about nodejs and android, use api or queries to the bd

Navigation
0

I want to know if to make an application on android, should I connect and make queries directly to the bd, or use an API? , I have currently made a web in express / nodejs and mongo using jade and angular for the management of templates and part of the front, in which each endpoint renders a page with the respective data, I have the following endpoint, I will only put some. 

GET /user/perfil/:id/eventos   --Lista de eventos suscritos o creados(tuyos)
GET /user/perfil/:id/eventos/:id  -'-Muestra el evento x o debería redirigir a /eventos/:id ??'
GET /user/perfil/:id   --Te muestra el perfil con id tal
GET /eventos             --Te muestra la lista de eventos creados(todos)
GET /eventos/:id        --Vuelve a mostrar el evento x (publico para todos)

I have only put the gets, and some, with a little doubt in the 2nd 5 ° endpoint, now if I want to consume the data from android, I am seeing create an endpoint similar to the following. 

  GET  "/api/users"
  GET  "/api/eventos"
  GET "/api/rectififaciones"

Being that to the api, I would have to put a middleware so that it is only accessible through a token, maybe jwt ?, it's ok my logic or how else could I do it, thanks in advance.

    
asked by Kevin AB 18.10.2016 в 07:49
source

4 answers

1

I can highly recommend you review the Amazon Lambda technology so that the Lambdas can perform operations with your base of data and return results to Android. The way to do it is with a Post, for which I use Volley , is the easiest and safest way I've found to do it.

    
answered by 18.10.2016 в 20:51
1

I think that this is your decision, all the ideas you gave are valid. Now, personally I have worked with Android and WS made in PHP and in .NET and in terms of security, generated hash for each user with which verified whether or not he had authorization for said function. I also recommend you and it would be good to work with databases SQLite to run your APP in a way offline if you wish.

    
answered by 18.10.2016 в 13:52
1

I do not recommend calling your database directly from your Android application, that would imply that your app has in its code the credentials for the connection to the database, which can be extracted from your app using reverse engineering, and grant immediate access to your database.

    
answered by 18.10.2016 в 23:05
1

I think it's best to use REST as you are proposing. Now, when implementing token security, I think that Oauth2 is your best bet at the moment.

    
answered by 19.10.2016 в 03:11
How to correctly condition the coordinates of an HTML element with mousemove in JavaScript? SOCKS issues