API to Database - architectural question

Hi Folks,

currently, I’m working on a little side project which is a mobile application.
I want to use MongoDB and most probably NodeJS/ExpressJS for my REST API.

I’ve read some articles about how to secure my API with Auth0… that’s fine so far.

Now to my open questions:

  • My API has the connection String with, of course, always the same user. Is this a common approach? Do I need to separately secure this connection between NodeJS and MongoDB? If yes, can I do this with Auth0?
  • I want to use Auth0 for user logon and MongoDB to store the actual data. For that I want to use an UUID to safe/query the corresponding user data into/from the database (my thoughts: when the DB gets hacked no one is able to linkt the data to the user). Can I use the user_id attribute of Auth0 for this purpose? Does this make any sense, anyway?

Hopefully someone can answer my questions :slight_smile:

Thanks in advance!

Hi @Steve_P,

Welcome to the Community!

Do you want to set up a Custom Database that Auth0 connects to and houses you user’s authentication data (like password hashes and such)? Or a database you store non-auth user data (like blog posts, photos, etc) after authentication with an Auth0 DB/social connection.

The user_id property is the UUID we use and is often used for making a logical connection with a user’s data on a backend DB. As for the security benefits of not storing things like email/personal data, you may be better off asking that kind of general security question on information security stack exchange.