Answer the question
In order to leave comments, you need to log in
How to secure public backend routes?
Hello.
There is a slight misunderstanding here. There are separate front-end and back-end applications. Communication between them is built on tokens. But tokens are only used to protect private routes. The user enters a login / password and sends it to the backend, the backend checks them, if everything is ok, then it issues access and refresh tokens. Everything is clear here.
How are public backend routes protected? Or are they not protected? Well, that is, for example, I have a public route /api/items through which the frontend receives a list of something. And I want only a certain frontend to access it, and not any other, so as not to parse the entire list of my items, cURL, for example.
Is it worth it to bother or is it paranoia?
Answer the question
In order to leave comments, you need to log in
for example PEK public api doesn't require any keys. But Delline requires an api key.
For me it's better without the keys.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question