Telerik Platform allows you to build a secure app to protect both your assets and your customers' data and privacy. To do that, you need to understand the security concepts in Telerik Platform.
Requests to Telerik Platform must be authorized either with an App ID or an API Master Key.
The App ID is a unique number identifying your Telerik Platform app. It must be included in all client requests to the app.
The App ID is designed to be used on the client. For this reason you should always design your application's backend as if its App ID is public and then secure your data against unauthenticated requests using permissions. This means restricting the access rights of the Anonymous role.
See Finding Your App ID and Master Key to learn how to get the App ID.
Each Telerik Platform app has a unique API Master Key, also known as master key for short. It is used for a special kind of authorization that overrides the whole set of item- and type-level permissions of each content type and other secured resources such as Cloud Functions.
This authorization scheme is designed to be used in isolated cases such as specific administrative operations or testing. For example you can use it in an administrative application running in a controlled environment such as one of your company's web servers.
The master key should never be used client-side, nor should it be disclosed to third parties even in a human-unreadable form. Do not use it as an authorization mechanism in any request from the client app.
Master key usage is required when calling certain Backend Services APIs.
See Finding Your App ID and Master Key to learn how to get the key.
Telerik Platform supports SSL encryption to secure any incoming requests, but you can also choose to use unencrypted HTTP if you need to.
See the following article to learn how to make HTTPS requests to Telerik Platform: