JSON Web Token
Jedi, 2018-10-28 01:56:57

How to secure the API?

Good morning!
We wrote a mobile application that will interact with our server.
The server is quite simple. It accepts JSON and responds.
There is one nuance... If some smart guy finds the server address, then he can easily send requests to our server via curl. Since the API is simple, it will fulfill these requests, as long as they are valid.
How can you secure the server?
Heard about JWT. Is this the solution?
A little about the API.
It is written in Koa. It registers users, changes some of their data, and performs various other CRUD-type operations.
This is a new experience for me.
Thank you very much in advance!


2 answer(s)
Alexey, 2018-10-28
@Azperin

Since the API is simple, it will fulfill these requests, as long as they are valid.

Well, that is what the API is supposed to do. What is the safety issue? If you are afraid of an influx of requests, put a limit on the token, or use something like https://github.com/koajs/ratelimit
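
One way to apply the per-token limit suggested in this answer, as an added example (not code from the thread or from koajs/ratelimit): a token-bucket limiter written as Koa-style middleware. It assumes an earlier auth middleware has put verified JWT claims on `ctx.state.user`; `createLimiter` and its option names are hypothetical.

```javascript
// Added example: Koa-style token-bucket limiter with no external packages.
// Assumption: an earlier auth middleware stored verified JWT claims in ctx.state.user.
function createLimiter({ capacity = 5, refillPerSec = 1, now = Date.now } = {}) {
  const buckets = new Map(); // key -> { tokens, last }

  // Tokens a bucket holds at time t, after refilling for the elapsed time.
  const level = (b, t) =>
    Math.min(capacity, b.tokens + ((t - b.last) / 1000) * refillPerSec);

  function take(key) {
    const t = now();
    const b = buckets.get(key) || { tokens: capacity, last: t };
    b.tokens = level(b, t);
    b.last = t;
    buckets.set(key, b);
    if (b.tokens >= 1) {
      b.tokens -= 1;
      return { allowed: true, retryAfter: 0 };
    }
    return { allowed: false, retryAfter: Math.ceil((1 - b.tokens) / refillPerSec) };
  }

  // Drop buckets that are full again so the map cannot grow without bound.
  function prune() {
    const t = now();
    for (const [key, b] of buckets) {
      if (level(b, t) >= capacity) buckets.delete(key);
    }
    return buckets.size;
  }

  // Usage: app.use(limiter.middleware), placed after JWT verification.
  async function middleware(ctx, next) {
    // Key on the verified subject; an unverified token string is attacker-chosen,
    // so unauthenticated requests share a bucket per client IP instead.
    const user = ctx.state && ctx.state.user;
    const key = user && user.sub ? `sub:${user.sub}` : `ip:${ctx.ip}`;
    const result = take(key);
    if (!result.allowed) {
      ctx.status = 429;
      ctx.set('Retry-After', String(result.retryAfter));
      ctx.body = { error: 'rate limit exceeded' };
      return;
    }
    await next();
  }

  return { take, prune, middleware };
}
```

Call `prune()` on a timer so idle keys are released; the `now` option exists so the limiter can be exercised with a fake clock.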

marataziat, 2018-10-28
@marataziat

There is no protection from this. Only CSRF, or a captcha, would make it more difficult. https://www.owasp.org/index.php/REST_Security_Chea...
