From what I understand, Volt requires some level of auth in order to use it for items such as storage. Maybe you can create a proxy login for anonymous users?
Ok, maybe I was unclear regarding storage. I will have a secure environment (with login to a WordPress website, membership) where the values will be stored with PHP code (need to log in programmatically to Volt).
The web app will only read(Get) the values and they are not sensitive in any way (some Url:s).
ok, I can wrap this in my PHP code (some API calls with API key to my own API Rest services) and return the result to the nsbasic web app. But I thought that Volt would be a preferred solution for storing and retrieving these values.
Is there a potential for abuse in this scenario?
What I have tried (working fine) is to call my Rest API from Javascript inside the web app with my API key exposed (that’s not good), but i want to avoid that.
If I understand you correctly, it sounds like you are already authenticating users on your end. If that’s the case and you trust your users not to get up to any mischief, you can have you app login to Volt programmatically using a single user.
In essence, create your app, then create a user for that app. Once your user is created, you should be able to login with a call to $volt.auth.login - see http://wiki.nsbasic.com/Log_in
Once you’ve logged in with your user, you can store whatever you’d like. Keep in mind that the user’s password will be stored in the source code for your application - so any of your users will be able to see it if they look hard enough.
Let me know if this makes sense. Thanks for your question!
Regarding the information the web app will read (or Get), does it have to live on the Volt server?
Would this be something that can actually be added to database table or even as a flat file? I mean, you’ve already authenticated a user(s) on your app and that should give them access to the information or even if they are anonymous and they are a member, they would still already be authenticated.
As for exposing your API key in Javascript, that should never happen. You should use a wrapper that gets called from JS.