How to ensure the security of REST APIs


Viewed 83 times

1

I’m creating a system using the MEAN stack and I came up with a question.

My Angular client application makes requests to the API, for example: POST http://127.0.0.1/api/product

If some malicious user found the URL of the API, he could post without going through the client of my application, for example. Is there any way to avoid/circumvent it? Like accepting requests to my API only from the client I allow?

  • Usually you create a hash that works only for that session, but that implies your application no longer being RESTful, which is the standard that prevents you from having any session control.

1 answer

1


Check how the OAuth2 authentication standard works; it is the most widely used solution to ensure access to your resources in a secure manner.

  • I looked into OAuth. From what I understand, it serves to authenticate a user in the application, and with this authentication I would do permissions control for certain system functionalities? Is that how it would work?

  • Exactly, that’s the way it is!

  • Thank you Felipe, I will study this issue of OAuth more in depth.
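The check discussed in this answer and its comments, as an added example that is not part of the original posts: a stateless bearer-token check that a Node.js API could run before accepting POST /api/product, so the server keeps no session yet still enforces a per-user permission. It assumes the access token is an HS256-signed JWT-style token; `SECRET`, `issueToken`, `authorize` and the `product:write` scope name are hypothetical names chosen for the illustration, and `issueToken` stands in for an OAuth2 authorization server.

```javascript
// Added example: stateless token check for POST /api/product (no dependencies).
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: loaded from a secret store in real use
const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Stand-in for the authorization server: issues a signed, short-lived token.
function issueToken(sub, scope, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const payload = b64url(JSON.stringify({ sub, scope, exp }));
  return `${header}.${payload}.${b64url(hmac(`${header}.${payload}`))}`;
}

// API-side check: returns the HTTP status the endpoint should answer with.
function authorize(headers, requiredScope, now = Date.now()) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headers.authorization || '');
  if (!match) return { status: 401, reason: 'missing or malformed token' };
  const [, header, payload, signature] = match;

  // Verify the signature before trusting anything inside the token.
  const expected = hmac(`${header}.${payload}`);
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { status: 401, reason: 'bad signature' };
  }

  let claims;
  try {
    // Pin the algorithm instead of honouring whatever the header asks for.
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') throw new Error('alg');
    claims = JSON.parse(Buffer.from(payload, 'base64url'));
  } catch {
    return { status: 401, reason: 'unreadable token' };
  }
  if (!claims || typeof claims.exp !== 'number' || claims.exp * 1000 <= now) {
    return { status: 401, reason: 'expired' };
  }
  // Permission control: the token must carry the scope this route needs.
  if (!String(claims.scope || '').split(' ').includes(requiredScope)) {
    return { status: 403, reason: 'insufficient scope' };
  }
  return { status: 200, sub: claims.sub };
}
```

A route handler would call `authorize(req.headers, 'product:write')` and create the product only when the returned status is 200.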
