Javascript API not behaving as expected

Hi,
When I perform the following query using curl

curl -X GET -H "X-Parse-Application-Id: APPLICATION_ID" -H "X-Parse-Master-Key: MASTER_KEY" http://192.122.122.122:1337/parse/classes/GameScore/iPXxXjpJSg

I can see on the server side that AppId and Master Key are part of the http headers

verbose: REQUEST for [GET] /parse/classes/GameScore/iPXxXjpJSg: {} {"body":{},"headers":{"accept":"*/*","host":"192.122.122.122:1337","user-agent":"curl/7.64.1","x-parse-application-id":"APPLICATION_ID","x-parse-master-key":"MASTER_KEY"},"method":"GET","url":"/parse/classes/GameScore/iPXxXjpJSg"}

and the query being run looks like

{"objectId":"iPXxXjpJSg"}

Yet when using the Javascript API

  Parse.initialize("APPLICATION_ID","","MASTER_KEY")
  Parse.serverURL = 'http://192.122.122.122:1337/parse'

  const GameScore = Parse.Object.extend("GameScore");
  const query = new Parse.Query(GameScore);

AppID and MasterKey are not part of the Request Headers

verbose: REQUEST for [GET] /parse/classes/GameScore: {
  "where": {
    "objectId": "iPXxXjpJSg"
  },
  "limit": 1
} {"body":{"limit":1,"where":{"objectId":"iPXxXjpJSg"}},"headers":{"accept":"*/*","accept-encoding":"gzip, deflate","accept-language":"en-US,en;q=0.5","cache-control":"no-cache","connection":"keep-alive","content-length":"179","content-type":"text/plain","host":"192.122.122.122:1337","origin":"http://localhost:3000","pragma":"no-cache","referer":"http://localhost:3000/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Firefox/91.0"},"method":"GET","url":"/parse/classes/GameScore"}

and the query being tun looks like

 {"objectId":"iPXxXjpJSg","_rperm":{"$in":[null,"*","*"]}}

I would have expected the queries to have been similar
What is going on here?

Thnx

Can you share how you are executing the query? In order to send the master key you need to run the query with the useMasterKey option: query.find({ useMasterKey: true })

Note that, for security sake, it is not recommended to use the master key from the client for most use cases.

Hey Thanks for ur help. New to this tech stack. I am using a simple React front end. I added the API u referred to and am still seeing the same behavior

import logo from './logo.svg';
import './App.css';
import React, { useState, useEffect } from 'react';  // Always have



function App() {
  const [score, setScore] = useState()

  const Parse = require('parse/node');

  Parse.initialize("APPLICATION_ID","","MASTER_KEY")
  Parse.serverURL = 'http://192.122.122.122:1337/parse'

  const GameScore = Parse.Object.extend("GameScore");
  const query = new Parse.Query(GameScore);
  console.log(query)

  useEffect(() => {
    console.log('hit from UE')
    query.find({ useMasterKey: true })
    query.get("iPXxXjpJSg")
    .then((gameScore) => {
      console.log('test')
      setScore(gameScore.get("score"))
    } , (error) => {});
  }, [])

  if (score !== undefined) {
    return (
      <div className="App">
        <header className="App-header">
          <img src={logo} className="App-logo" alt="logo" />
          <p>
          The score was {score}.
            Edit <code>src/App.js</code> and save to reload.
          </p>
          <a
            className="App-link"
            href="https://reactjs.org"
            target="_blank"
            rel="noopener noreferrer"
          >
            Learn React
          </a>
        </header>
      </div>
    );
  } else {
    return(
      <div>
        Loading
      </div>
    )
  }
}

export default App;

Ok, a little banging on the code, learning the APis and this worked for me, Thnx for the ptr

    query.get("iPXxXjpJSg",{ useMasterKey: true })

I’m glad you figures it out. But, again, I’d not recommend you to use the master key on a React frontend. Anyone would be able to easily find it and read/erase your entire database.

Yes thank you and agreed. Traffic is filtered by IP and I shut down the server when not using it. Once I groc security wrt to Parse, I will set it up the recommended way