Maybe I'm missing something obvious, but I can't find this in the docs: Does this handle users and permissions, as, I believe, Parse can? I can't have just any user able to change any data.
What's the difference to the "clientKey" of Parse's SDK? The requests should be served over SSL anyway, so if your point is you don't want to distribute a key you got the same problem with Parse. You can obfuscate the key though.
It doesn't matter whether you use SSL or not. If it's in your app, it can be found quite easily.
Parse provides you with a few different keys and also offers ACL functionality. I'm still not too crash hot on expecting the client to setup an ACL on their own objects though...
I am interested with all the tools running above Node.js, but what is exactly the purpose of this web app backend? Using a database? Some explanations would be welcomed. I found only a list of classes.