SYNCANO — SETTING UP
Welcome to the first in a series of posts regarding Syncano. I’d love to say this is the first of 3 or 4 or 5 posts, but to be honest I’ve no idea how many I’ll write. I’m guessing I’ll stop when I’ve run out of ideas, time or money.
This post is all about setting up your Syncano account, creating and securing your first data “Class”. The next post will show you how to fetch data from the Syncano platform and display it in a tableview.
I’ll be linking to various resources as we go, and you’ll also find a list of all the links at the end of the post.
I apologise now for the number of images in this post. Because we’re not coding it’s going to be lots of settings screens.
There is also a Syncano Slack forum. It’s worth signing up to this Slack as the Syncano team are quick to respond to questions and requests for advice. You can sign up here…. http://syncano-community.github.io/slack-invite/
So how are we going to achieve our goal?
- Sign up to Syncano
- Create a Syncano Instance
- Create a data Class
- Review Syncano security mechanisms
- Set up security schema
- Populate your data class
- Create an API key
- Test progress using a browser
Like the best of plans. Simple steps.
Step 1 — Sign up
Signing up to Syncano could not be simpler. No credit or debit card details are required. You can either sign up using some existing “social” credentials or you can provide an email address and password. Syncano will send you an email to validate your email address, but you do not need to validate the address to start using the platform. If you chose to create your account using social credentials you can switch to more traditional username/password combination later.
Sign up here. https://dashboard.syncano.io/#/signup
Step 2 — Create Instance
The word “Instance” suggests that you are creating a virtual server, of course you are not. Think of an Instance as a collection of data, security rules and capabilities. Ideally you would use one instance per project.
There are limits on what you can do with or store in an instance, free or paid, check this page for more details. http://docs.syncano.io/docs/limits
Let’s create an instance. Click the ADD button.
The Syncano platform will suggest a name for your instance, Heroku style, but you are free to change this to something more suitable for your project. I am guessing that the instance name will need to be unique across the platform.
Once created you then get to see the main instance dashboard.
Step 3 — Create data Class
Now we’re ready to create a data Class. A class is the container that will store all our data, think of it like a data table in a database. Classes can store all sorts of information, string, numbers etc, and binary objects and relationships to other classes. The stuff you store in your classes are called Data Objects.
Select Classes from the left menu.
The “user_profile” class is a system class — it was created for you. We do not need to mess with this class — leave it alone.
Let’s create a class that we’ll use to store Country information. Click the “ADD” button, top right of the page.
Create the country class you see below.
See that the “name” property has FILTER and ORDER options checked. If you intend to search or order queries you need to tell Syncano in the class builder.
Notice that we skiped the “Group ID” ,“Group Permissions” and “Other Permissions” fields. Even though we skipped these fields, leaving them blank, the default behaviour is that all users will have permissions to create Data Objects. (I have raised this with Syncano as I view this as a security risk). We’ll consider these settings in the next step.
Step 4 — Syncano security
Syncano security uses a matrix approach meaning that you need to consider security at the class/channel level as well as at the data object level. Add to this that you can create API keys that negate or respect your security schema.
This table shows the various permission options available.
There’s a lot of flexibility here so when you are planning your own app — make sure you spend time considering and planning and testing your security model. It’s much easier to figure what works best for your app in a test harness than testing on the fly as you build your app. Also remember that security is an ever changing beast — be prepared for improving security capabilities as time moves on.
TIP : Take some time to read the Syncano Permissions documentation here, it might look complex but you really need to understand this stuff http://docs.syncano.io/docs/permissions
Remember I mentioned that API keys can negate or respect security. Here’s an example, It is possible to create a read only data source by leaving all security settings at default — and then specifying a read only (anonymous) API key. While this sounds excellent, it’s such a shame you can’t restrict the API key scope to specific classes — that would be brilliant. As it stands this example is only valid if your users can read ALL the data in your instance.
Being a traditionalist — it helps to ensure I don’t mess up — we’ll create a group. Create a user and add “them” to our group. We’ll permission the class and data objects appropriately and then lastly serve some data. Later posts will build on this work — so don’t skip it!
Step 5 — Set up security schema
We will start by creating a group.
Group name = Readers
Now we’ll create a user and add them to the group at the same time.
Username = reader
Password = password
Group = Readers
Your permissions should now look like this.
Now well update our class so that only authenticated members of the Readers group can access the class.
Edit your class.
Add the readers group to your class permissions.
NOTE : Adding the readers group to our class does not grant group members access to the data. This permission only grants group members read permission of the class schema — not the data in it.
Group (ID) = Readers
Group Permissions = read
Other Permissions = none
Step 6 — Populate our class
We’ll populate just a few rows. Use the table of data below, either retype or copy/paste, don’t forget to add the flag images.
TIP : You need to click the tiny “grid” icon.
TIP : Previous screens have large ADD buttons, to add Data Objects there is a + button.
When adding Data Objects — remember to add the readers security group
Your target is something like this — 5 countries.
Step 7 — Create API Key
Select API Keys from the left menu.
Lets create a new API key.
Description = Readers
Ignore ACL = Off
User registration = Off
Anonymous usage = Off
Our API key can be used by authenticated users to retrieve and read data from our countries class. If the user is not authenticated this API key is of no value.
Step 8 — Test
Wow! We’re at the end. All that’s left to do is test and confirm our handy work has been successful.
To save time we’ll test in the browser — we can’t do that here on Medium so to test you’ll need to visit the original post over here.
Step 9 — Part 2
We have already started writing Part 2. Why not sign up to the newsletter, we’ll let you know as soon as it’s published.
Don’t forget you can use the comments feature to ask questions and give feedback on the post.