We want to create a user account in the Sync Gateway for our Flutter app so that the user can log in with credentials and sync data to the server via the Sync Gateway. However, for obvious reasons, the Public REST API does not have an endpoint to create a user account, only the Admin REST API. Therefore it is clear that we have to put our own backend in between, to which the app sends the credentials and the backend then creates the account via the Admin REST API. But how do we secure our backend so that we can not get spammed with credentials and false accounts are created?
The way most services typically deal with this is to require a unique email address and send an email validation link before allowing registration.
This still doesn’t quite stop a user with a catchall email, or aliases from registering multiple accounts - but for most this is an acceptable tradeoff given the ease of implementation.