How to protect public routes backend?


Warning: count(): Parameter must be an array or an object that implements Countable in /home/styllloz/public_html/qa-theme/donut-theme/qa-donut-layer.php on line 274
0 like 0 dislike
64 views
Hi all.

There is a slight misunderstanding here such question. There are separate frontend and backend application. Communication between them is built on the tokens. But tokens are only used to protect private routes. User enters login/password and sends it to the backend, the backend checks if everything is OK, it issues access and refresh tokens. Here everything is clear.

How to protect public routes backend? Or not protecting them? I mean, for example, I have a public route, /api/items at which the frontend gets a list of something. And I want only a particular frontend have access to it, and not any other, not to spars the entire list of my items, cURL, for example.

Is there to bother or is it paranoia?
by | 64 views

2 Answers

0 like 0 dislike
for example PEK public api does not require any keys. But Delline requires the api key.
For me it is better without the keys.
by
0 like 0 dislike
CORS
And, you can for each anonymous user to create a token, to deny requests without token and hang more rate-limit per user.
by
110,608 questions
257,187 answers
0 comments
40,796 users