Configuration with ClientKey

Hi guys! I was faced with a problem related to the client key configuration for my server. I have defined the clientKey property for parse server configuration and my code to start server looks like this:

const api = new ParseServer({
    databaseURI: databaseUri || 'mongodb://localhost:27017/dev',
    serverURL: process.env.SERVER_URL || `http://localhost:${port}${mountPath}`,
    appId: process.env.APP_ID || '*MyAppId*',
    masterKey: process.env.MASTER_KEY || '*MyMasterKey*',
    clientKey: process.env.CLIENT_KEY || '*MyClientKey*',
    cloud: process.env.CLOUD_CODE_MAIN || 'cloud/main.js',
    liveQuery: {
        classNames: ['TestModel']
    }
});
const app = express();
app.use(express.static(path.join(__dirname, '/public')));
app.use('/', require('./cloud/main.js').app);
app.use(mountPath, api);
const httpServer = require('http').createServer(app);
httpServer.listen(port, () => {
    console.log(`Running on http://localhost:${port}`);
});
ParseServer.createLiveQueryServer(httpServer);

When I make a request to the local server to call the cloud function (I specified the headers for AppId, MasterKey and ClientKey), it gives me an error - 400 Bad Request with {"error":"unauthorized"}. It’s also worth noting that the function uses the useMasterKey property:
const config = await Parse.Config.get({ useMasterKey: true });

I found 2 ways to make the function work, but these solutions don’t work for me:

  • Remove ClientKey from the server settings. Then it won’t be required and the request will go through. But for this we only have to specify AppId in the headers, I want to leave the security of requests using both AppId and ClientKey;
  • Remove the use of { useMasterKey: true } inside the function. This is basically impossible, because the configuration stores information without which the function will not run, and hardcoding is bad form.

I have looked through the documentation and many questions on the internet, but I have not found a solution to the problem. What could be the problem with this behavior?

P.S. All server and query configuration keys are correct and identical.

Would you mind to share the code that you are using to initialize the SDK? Also note that, for security reasons, it is not recommended to use master key on client apps.