
My site's architecture: both components are hosted on AWS via Elastic Beanstalk.

Frontend: React gets data via API Endpoints served from backend

Backend: Django REST Framework

I want to restrict API access such that:

  1. Only the frontend can grab data from the REST API; some data is public to anyone on the site, some is only accessible to signed-in users

  2. Whitelisted developers can access data from the REST API such that they can develop the frontend display of that data

  3. No other machine, site, service, person, alien can access the REST API unless we know about it!

I am willing to research and learn what is required to implement a solution like this; I would just like to have some guidance, as I am a young Padawan.

  • You cannot restrict the API access to your frontend. It runs on a user machine in the browser, so your API is technically available to everyone. You can only limit access by authorizations via username/password – Alexandr Tatarinov Jul 03 '21 at 08:33
  • @AlexandrTatarinov I don't imagine my use case is unique. Would this post be along the right vein: https://stackoverflow.com/questions/13895679/how-do-i-secure-rest-api-calls? – internetanswerthy Jul 03 '21 at 16:20

0 Answers