So I have an external REST API with authentication to receive data. In order to keep the authentication secure, I've made a Next.js API route as a middleware. I'm doing the calls to the middleware to get the data from the external API.
So far so good, but now I have exposed the authenticated API to the world. What do I have to do to allow only my app to get data from the API?
Do I have to add additional authentication between the app and the Next.js API? If this is the case, could I just call the external API directly and skip the middleware?