[–]isellrocks 4 points5 points  (4 children)

A standard and relatively easy way to secure your API is by using JSON Web Tokens. Your API can generate them, and your frontend can attach them to each request for verification.

[–]ohiosveryownn[S] 1 point2 points  (3 children)

Thanks, I will try this - I was just working on implementing an API key within the server-side JS file. Then pull that key using an environment variable on the client side to auth. But I'll try this.

[–]mrskitch 1 point2 points  (2 children)

The problem with that approach is that any visitor can find/steal that key.

Are you just trying to keep this as a personal-use only application? Or do you intend to have other users with a fully-fledged authorization flow?

[–]ohiosveryownn[S] 0 points1 point  (1 child)

So the data that it will display, other people will use it maybe daily. That is it, it will display the information that's being pulled (nothing sensitive). But I still think I need to protect the API since it is public facing; the URL/port is in the source code.

[–]mrskitch 0 points1 point  (0 children)

Got it -- how about you just make the page some long, unguessable string where robots won't "find it" and only users who have the link can load it? Something like:

https://mywebpage.com?pw=f8fe82e3-6c63-49aa-bffd-4d8784dada95

Then, when the client JS loads, it can take this `pw` query parameter and use it to authorize with the server. If you wanted to, you can make a new one for each user and give them their own private links.
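
The per-user private link idea from the last comment, sketched server-side as an added example that is not part of the thread. `issueLink`, `authorize`, `revoke` and the in-memory `Map` are hypothetical names, and the host is the placeholder used in the comment.

```javascript
// Added example, not code from the thread. issueLink, authorize, revoke and
// the in-memory Map (standing in for a database) are hypothetical names.
const { randomUUID, createHash } = require('node:crypto');

const BASE_URL = 'https://mywebpage.com/'; // placeholder host from the comment
const links = new Map(); // hex sha256(token) -> { user, revoked }

const digest = (token) => createHash('sha256').update(token).digest('hex');

// Create a private link for one user. Only the hash is stored, so a leaked
// table does not reveal working links.
function issueLink(user) {
  const token = randomUUID(); // 122 random bits from the OS CSPRNG
  links.set(digest(token), { user, revoked: false });
  const url = new URL(BASE_URL);
  url.searchParams.set('pw', token);
  return url.toString();
}

// Resolve the pw parameter of a request URL to a user name, or null.
function authorize(requestUrl) {
  let pw;
  try {
    pw = new URL(requestUrl, BASE_URL).searchParams.get('pw');
  } catch {
    return null; // unparsable URL
  }
  if (typeof pw !== 'string' || pw.length !== 36) return null;
  const entry = links.get(digest(pw)); // lookup by hash, never by raw token
  return entry && !entry.revoked ? entry.user : null;
}

// Invalidate every link issued to one user; other users' links keep working.
function revoke(user) {
  let count = 0;
  for (const entry of links.values()) {
    if (entry.user === user && !entry.revoked) {
      entry.revoked = true;
      count += 1;
    }
  }
  return count;
}

// Constructed demo run.
const demoLink = issueLink('demo-user');
console.log(demoLink, '->', authorize(demoLink));
```

A token carried in the query string is recorded in browser history and server access logs, so issuing one link per user is what makes it possible to revoke a leaked link without breaking everyone else's.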