Docs

Master Key Usage

How do you connect to my parse-server?

To connect to your server, parboard uses three pieces of credentials: your server's url, your server's public application Id, and your server’s master key. The url is where your parse server instance is mounted, and your application Id is a public key used to connect to your app by clients.

Some features, such as fetching and editing the server’s schema or running background jobs and sending notifications, require the master key.

Does Parboard have access to my master key?

Parboard never has access to any of your master keys. This data is encrypted on your device and only sent to Parboard’s servers in its encrypted form. When you log in to your Parboard account and access an app, this encrypted key is fetched and locally decrypted on your device. This way only you have access to the key.

Before it's stored in Parboard's servers, your master key is encrypted by a key generated from your account’s password. For the technically inclined, your Parboard account’s password is used along with a randomly generated salt to generate a 32-byte key using 5000 iterations of PBKDF2 rounds. This key is then used to encrypt your master key with 256-bit AES encryption. Only the encrypted data is stored on Parboard - the encryption key itself never leaves your computer.

When you login to Parboard, a password hash is sent to our servers to verify it’s you. Once you’re verified, your encrypted data is sent to you. Your encryption key is regenerated by the process above, and your data is then locally decrypted on your computer.

You can monitor how Parboard uses your master key by using your browser's developer tools.

Adding Collaborators

You can add collaborators to your app. To allow Parboard to process requests from collaborators to your app, you’ll need to add a cloud code function that processes the request. Collaborators will only be given access to your data browser, with the permissions you specify.

To enable collaborators, add the following two functions to your parse-server’s Cloud Code directory:

Parse.Cloud.define("processParboardCollab", function (request, response) {

    // This function is called by collaborators to access the data browser.
    // NOTE that this function uses the following environment variables:
    // process.env.APP_ID
    // process.env.MASTER_KEY
    // process.env.SERVER_URL
    // Make sure they're set correctly!

    var requestingUser = request.params.user;
    var accessKey = request.params.accessKey;
    var requestParams = request.params.requestParams;

    // Only the data browser operations are supported for now!
    if (requestParams.endPoint !== "schemas" && requestParams.endPoint !== "classes" &&
            requestParams.endPoint !== "batch" && requestParams.endPoint !== "files") {
        response.error("Unauthorized: Invalid operation.");
        return;
    }

    // Validate the request with Parboard before processing it.
    validateParboardCollab(requestingUser, accessKey, requestParams).then(
        function (isAuthenticated) {
            if (!isAuthenticated) {
                response.error("Unauthorized: Could not validate request.");
                return;
            }

            // The request can now be processed!
            Parse.Cloud.httpRequest({
                    method: requestParams.methodType,
                    headers: {
                        'X-Parse-Application-Id': process.env.APP_ID,
                        'X-Parse-Master-Key': process.env.MASTER_KEY,
                        'Content-Type': requestParams.contentType ? requestParams.contentType : 'application/json'
                    },
                    url: process.env.SERVER_URL + (process.env.SERVER_URL.endsWith("/") ? "" :"/") + requestParams.endPoint
                    + (requestParams.className ? "/" + requestParams.className : "")
                    + (requestParams.objectId ? "/" + requestParams.objectId : ""),
                    params: requestParams.params,
                    body: requestParams.body,
                    success: function (httpResponse) {
                        console.log("Request successfully returned with status " + httpResponse.status);
                        response.success(httpResponse.data);
                    },
                    error: function (httpResponse) {
                        console.error('Request failed with response code ' + httpResponse.status);
                        response.error(httpResponse);
                    }
                }
            );
        }
    );
});

// This function is used to authenticate Collaborator requests with Parboard.
// You can use it to add any checks before processing the requests.
function validateParboardCollab(user, accessKey, requestParams) {

    // This function calls Parboard's API to make sure the requesting user submitted a valid request by ensuring that:
    // The requesting user is a collaborator for the app
    // The requesting user submitted a valid accessKey with the request
    // The requesting user has the permissions to carry the requested operation

    return Parse.Cloud.httpRequest({
        method: "POST",
        url: 'https://api.parboard.com/parse/functions/validateCollabRequest',
        headers: {
            'X-Parse-Application-Id': "Ns1Q8rGXOhv7L1T4WcJfSppeCXkqKOaI" // This key is used to make requests to Parboard's api.
        },
        body: {
            user: JSON.stringify(user),
            accessKey: accessKey,
            requestParams: JSON.stringify(requestParams)
        }
    }).then(
        function(httpResponse) {
            // success
            console.log("Parboard collab request was validated!");
            return true;
        },
        function(httpResponse) {
            // error
            console.error('Parboard collab request could not be validated: failed with status code ' + httpResponse.status);
            return false;
        }
    );
}

Scheduling Background Jobs

You can use Parboard to schedule and run your Parse Cloud Jobs. To define jobs, follow the official parse-server documentation.

To schedule jobs to run in the background, you'll need a cloud code function that Parboard will use to trigger your jobs. Add the following two functions to your parse-server’s Cloud Code directory:

Parse.Cloud.define('triggerParboardJob', function (request, response) {

    // This function is called by Parboard to trigger scheduled jobs.
    // NOTE that this function uses the following environment variables:
    // process.env.APP_ID
    // process.env.MASTER_KEY
    // process.env.SERVER_URL
    // Make sure they're set correctly!

    // validate the request before running the job
    if (!validateParboardJob(request)) {
        response.error("Unauthorized.");
        return;
    }

    // get the job and any post data from the request
    var jobName = request.params.jobName;
    var jobParams = JSON.parse(request.params.jobParams);

    // make sure the request is triggering a job with a valid jobName
    if (!jobName) {
        response.error("Invalid request.");
        return;
    }

    // and finally trigger the job!
    Parse.Cloud.httpRequest({
        method: 'POST',
        headers: {
            'X-Parse-Application-Id': process.env.APP_ID,
            'X-Parse-Master-Key': process.env.MASTER_KEY
        },
        url: process.env.SERVER_URL + '/jobs/' + jobName,
        body: jobParams,
        success: function (httpResponse) {
            console.log("Job request was made! Returning...");
        },
        error: function (httpResponse) {
            console.log("Job request failed: " + JSON.stringify(httpResponse));
        }
    });

    response.success("Job triggered.");
});

// This function is used as a final check before running your job.
// Use it to add any checks before running the job.
function validateParboardJob(request) {
    // if the request isn't originated from Parboard, don't run the job
    if (request.headers.origin !== "https://api.parboard.com")
        return false;

    // you can add any checks you want here!
    // ...

    return true;
}