API to Database - architectural question

Hi Folks,

Currently, I’m working on a little side project, which is a mobile application.
I want to use MongoDB and most probably NodeJS/ExpressJS for my REST API.

I’ve read some articles about how to secure my API with Auth0… that’s fine so far.

Now to my open questions:

  • My API has the connection string with, of course, always the same user. Is this a common approach? Do I need to separately secure this connection between NodeJS and MongoDB? If yes, can I do this with Auth0?
  • I want to use Auth0 for user logon and MongoDB to store the actual data. For that I want to use a UUID to save/query the corresponding user data into/from the database (my thoughts: when the DB gets hacked, no one is able to link the data to the user). Can I use the user_id attribute of Auth0 for this purpose? Does this make any sense, anyway?

Hopefully someone can answer my questions :slight_smile:

Thanks in advance!

Hi @Steve_P,

Welcome to the Community!

Do you want to set up a Custom Database that Auth0 connects to and that houses your users’ authentication data (like password hashes and such)? Or a database where you store non-auth user data (like blog posts, photos, etc.) after authentication with an Auth0 DB/social connection?

The user_id property is the UUID we use and is often used for making a logical connection with a user’s data on a backend DB. As for the security benefits of not storing things like email/personal data, you may be better off asking that kind of general security question on information security stack exchange.
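The linking pattern discussed in this thread, as an added example that is not code from either poster or from Auth0: the API takes the `user_id` from the `sub` claim of an already verified access token and uses it, never a client-supplied value, to scope every MongoDB filter. Storing a keyed HMAC of the `user_id` instead of the raw value is an assumption added here to match the question's goal; `ownerKey`, `scopedFilter`, `find`, the `owner` field and `PSEUDONYM_SECRET` are hypothetical names, and the sample data is constructed.

```javascript
const crypto = require('crypto');

// Assumption: a server-side secret kept outside the database
// (the fallback value is constructed for this demo only).
const PSEUDONYM_SECRET = process.env.PSEUDONYM_SECRET || 'constructed-demo-secret';

// Derive a stable keyed pseudonym from the Auth0 user_id (the token's `sub` claim).
// Without the secret, a stored owner value cannot be recomputed from a known user_id.
function ownerKey(sub, secret = PSEUDONYM_SECRET) {
  if (typeof sub !== 'string' || sub.length === 0) {
    throw new Error('missing sub claim');
  }
  return crypto.createHmac('sha256', secret).update(sub).digest('hex');
}

// Build the MongoDB filter for one request. The owner always comes from the
// verified token claims; an `owner` sent by the client is discarded, and this
// sketch accepts only plain field names (no top-level `$` operators).
function scopedFilter(claims, clientFilter = {}) {
  const { owner, ...rest } = clientFilter;
  for (const key of Object.keys(rest)) {
    if (key.startsWith('$')) throw new Error('operator not allowed: ' + key);
  }
  return { ...rest, owner: ownerKey(claims.sub) };
}

// Constructed sample data and a tiny equality matcher standing in for collection.find().
const ALICE = { sub: 'auth0|constructed-alice' };
const BOB = { sub: 'auth0|constructed-bob' };
const DOCS = [
  { owner: ownerKey(ALICE.sub), title: 'note', body: 'a1' },
  { owner: ownerKey(ALICE.sub), title: 'todo', body: 'a2' },
  { owner: ownerKey(BOB.sub), title: 'note', body: 'b1' },
];
const find = (docs, filter) =>
  docs.filter((d) => Object.entries(filter).every(([k, v]) => d[k] === v));

// Alice's token, but the request body tries to name Bob as owner.
const result = find(DOCS, scopedFilter(ALICE, { owner: ownerKey(BOB.sub) }));
console.log(result.map((d) => d.body));
```
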
