
I'm currently working on a project with some guys and I'm building the back-end using Node.js and Express. I've created some endpoints to allow the front-end (using Vue) to consume data. But I want to protect my API in order to block anyone other than the front-end and my team from consuming data through the endpoints.
How can I make sure no one can access my data?

Louis
  • Does this answer your question? [How to implement a secure REST API with node.js](https://stackoverflow.com/questions/15496915/how-to-implement-a-secure-rest-api-with-node-js) – VLAZ Dec 27 '19 at 23:43
  • @Louis great timing, I just spent the past few days getting up to speed on securing my Node.js / Express routes (API returning JSON payloads) with a Bearer Authorization token using JSON web tokens (JWT). I'm just experimenting thus far, but I have a whitelisted array of authorized IP addresses (using DOTENV); I allow these machines to make requests and I issue them signed JWTs. Then any subsequent requests include the bearer token in the header. Before returning HTTP response 200 and the JSON response, I validate the JWT. I'm still researching / learning though, to make sure it's solid. – tamak Dec 28 '19 at 00:33
  • Here's a tutorial / video on the subject that I saw a few months back, hopefully it helps: https://www.youtube.com/watch?v=7nafaH9SddU – tamak Dec 28 '19 at 00:35
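
The flow described in tamak's comment (IP allowlist, signed JWT issuance, bearer-token validation before responding), as an added example that is not part of the original thread. The secret, the environment variable names and the function names are assumptions, and HS256 signing is done with Node's built-in `crypto` rather than a JWT library.

```javascript
// Added example: HS256 JWT issue/verify plus Express-style middleware.
// JWT_SECRET, ALLOWED_IPS and all function names are assumptions.
const crypto = require('crypto');

const SECRET = process.env.JWT_SECRET || 'constructed-demo-secret'; // placeholder
const ALLOWED_IPS = (process.env.ALLOWED_IPS || '127.0.0.1').split(',');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (input) => crypto.createHmac('sha256', SECRET).update(input).digest();

// Issue a short-lived token, but only to allowlisted addresses.
function issueToken(ip, ttlSeconds = 300, now = Date.now()) {
  if (!ALLOWED_IPS.includes(ip)) return null;
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: ip, exp: Math.floor(now / 1000) + ttlSeconds }));
  return `${header}.${payload}.${b64url(hmac(`${header}.${payload}`))}`;
}

// Return the claims if the token is valid and unexpired, otherwise null.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    // Pin the algorithm: the token header must not choose it (e.g. "none").
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const expected = hmac(`${header}.${payload}`);
    const given = Buffer.from(sig, 'base64url');
    // Constant-time compare; check length first because timingSafeEqual throws on mismatch.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now / 1000 ? claims : null;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// Express-style middleware, e.g. app.use('/api', requireBearer)
function requireBearer(req, res, next) {
  const match = /^Bearer (.+)$/.exec(req.headers.authorization || '');
  const claims = match && verifyToken(match[1]);
  if (!claims) return res.status(401).json({ error: 'invalid or missing token' });
  req.auth = claims;
  next();
}
```

Any token a browser-side Vue app holds can be read by its user, so this authenticates callers that were issued a token; it does not hide the endpoints from someone inspecting the front-end.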

0 Answers