@arruda08 1 year ago
Congrats Alex and Back4App Team!!!👏👏👏👏👏👏
@Back4App 1 year ago
🥰
@marioa6942 1 year ago
This is amazing!
@Back4App 1 year ago
Thank you! ;)
@tlesko764 1 year ago
Hello, I have been using Back4App and it is really helpful. I have a question: I want to host a web page with Parse so each user can delete their account from there. I have used the public folder in functions and web hosting, but it is telling me to initialize the server. But that means to put some of the keys, and if I do that anyone would be able to connect to my Back4App app, so what should I do?
@Back4App 1 year ago
That is a very common question and many people have a misunderstanding about this topic. The keys used for initialising Parse are, ideally, protected, but those CAN be exposed without any major problems, as you can protect your App by using Access Control Lists (ACLs) and Class Level Permissions (CLPs).

For the specific case you mentioned, you CAN expose your AppID and (probably) JavaScript Key in the website, but then, you would need to ensure any user accessing that website should log in as a valid user. With that login process, you can use ACLs and CLPs to ensure that this user can only delete its own account and data. If you operate this through a Cloud Code Function, you can retrieve the Parse.User from the request prior to proceeding.

So, in summary, the steps are:
- Create ACLs and CLPs to ensure only logged in users can manipulate data AND a User can only manipulate its own data
- Ensure the user is logged in prior to allowing any operation
- Ensure to check the user permissions before executing any Cloud Code
- You can expose your AppID and JavaScript Key (and some other keys) this way, but NEVER EVER EVER expose your Masterkey.
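Added example, not part of the original comments and not Back4App's own code: a Cloud Code function for the self-service deletion described in the reply above. The names `deleteMyAccount` and `assertLoggedIn` are hypothetical; the function takes the target from `request.user` only and deletes with the caller's session token, so ACLs and CLPs still apply.

```javascript
// Added example; function names are hypothetical, not from Back4App.

// Returns the authenticated Parse.User or throws. Parse Server fills
// request.user from the caller's session token; it is undefined for
// anonymous calls made with only the AppID and JavaScript Key.
function assertLoggedIn(request) {
  if (!request.user) {
    throw new Error('You must be logged in to delete your account.');
  }
  return request.user;
}

// Deletes the caller's own account and nothing else.
// Any user id sent in request.params is deliberately ignored: trusting a
// client-supplied id would let one logged-in user delete another.
async function deleteMyAccount(request) {
  const user = assertLoggedIn(request);
  // Act with the caller's session token, never { useMasterKey: true },
  // so the server evaluates ACLs and CLPs as it would for the client.
  await user.destroy({ sessionToken: user.getSessionToken() });
  return { deleted: user.id };
}

// Parse is a global inside Cloud Code (cloud/main.js); the guard only
// lets this file load outside the server, e.g. in a unit test.
if (typeof Parse !== 'undefined') {
  Parse.Cloud.define('deleteMyAccount', deleteMyAccount);
}
```

The hosted page would log the user in and then call `Parse.Cloud.run('deleteMyAccount')`; only the AppID and JavaScript Key appear in the page, and the Master Key stays on the server.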