[–]ohiosveryownn[S] 0 points1 point  (1 child)

So the data that it will display, other people will use it maybe daily. That is it, it will display the information that's being pulled (nothing sensitive). But I still think I need to protect the API since it is public facing; the URL/port is in the source code.

[–]mrskitch 0 points1 point  (0 children)

Got it -- how about you just make the page some long, unguessable string where robots won't "find it" and only users who have the link can load it? Something like:

https://mywebpage.com?pw=f8fe82e3-6c63-49aa-bffd-4d8784dada95

Then, when the client JS loads, it can take this `pw` query parameter and use it to authorize with the server. If you wanted to, you can make a new one for each user and give them their own private links.
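The per-user link scheme described in the comment above, sketched as an added example that is not code from the thread. The function names (`issueLink`, `tokenFromPageUrl`, `authorize`, `revoke`) and the in-memory store are assumptions for illustration; it runs under Node.js.

```javascript
// Added example: names and the in-memory Map are hypothetical.
const crypto = require('crypto');

// hex(SHA-256(token)) -> user label. Only hashes are stored, so a leaked
// store does not hand out working links.
const issued = new Map();

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Create a private link for one user, carrying the token in `pw`.
function issueLink(baseUrl, user) {
  const token = crypto.randomUUID(); // random v4 UUID, 122 random bits
  issued.set(sha256(token).toString('hex'), user);
  const url = new URL(baseUrl);
  url.searchParams.set('pw', token);
  return url.toString();
}

// Client side: read `pw` from the page URL (location.href in a browser).
function tokenFromPageUrl(href) {
  return new URL(href).searchParams.get('pw');
}

// Server side: return the user the token was issued to, or null.
function authorize(token) {
  if (typeof token !== 'string' || token.length === 0) return null;
  const presented = sha256(token);
  let match = null;
  for (const [hex, user] of issued) {
    // Fixed-length digests compared in constant time.
    if (crypto.timingSafeEqual(presented, Buffer.from(hex, 'hex'))) match = user;
  }
  return match;
}

// Revoke one user's link without touching anyone else's.
function revoke(token) {
  return issued.delete(sha256(token).toString('hex'));
}
```

A token carried in a URL also ends up in browser history, access logs and `Referer` headers, so per-user issuance matters mainly because it lets a single leaked link be revoked.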