Reputation: 3577
I am new to AngularJS. I wonder how safe AngularJS is for enterprise-level applications. The URL which I call from Angular can be invoked by anyone if they know the API URL. So how can I make my API call safe? Do I need to pass any key, or an encrypted key, to the server to avoid unwanted requests? All I need is to make my API call more secure. Even if my API URL is exposed to users, no one should be able to make use of it.
Upvotes: 1
Views: 2035
Reputation: 7576
Perhaps this question is a bit too broad for SO, since you are more or less asking how to handle security on a website in general (if you have a more specific code question, please rephrase it). But I'll try to add a few extra pointers and comments on top of what others have already mentioned.
First of all, the answer to your direct question is yes. Angular is secure enough for enterprise applications, but this is kind of a meaningless answer. Angular is at the end of the day still just JavaScript running on the frontend; it doesn't in and of itself make a difference for security.
What is more important to remember is that there is no such thing as frontend security. The core issues here are that your files are always accessible by end users, anyone can always make calls against your APIs, and anyone can read any API keys or the like that you store in your code. Frontend code is literally loaded onto the computer of the user; assume they have full access to everything.
While there is a frontend component to security, the core of it will always be a matter for the server. The server needs to validate that the person who is sending a request is who he or she claims to be, for example using a session cookie. If you have important data or user logins then you also need to run SSL (which encrypts the data traffic) to make sure there is no man-in-the-middle, i.e. someone listening to your data and stealing the session cookie (or worse things) from the user.
Of course storing sensitive user data like passwords, personal data or credit card numbers on a server is a whole science in and of itself, and can be heavily regulated by law.
I guess that in summary you can say that for the frontend you are good as long as you use SSL and you don't expose any API keys or similar. But if you want security for an enterprise app, you need people on the backend who know what they are doing to do the heavy lifting.
Upvotes: 1
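The server-side check the answer above describes (validating a session cookie on every API request, with the signing secret kept off the frontend), as an added Node.js example that is not part of the original answer. The cookie name `session`, the `SESSION_SECRET` variable and all function names are assumptions made for illustration.

```javascript
// Added example (not from the original answer): the API decides who may call it.
const crypto = require("crypto");

// Assumption: the secret exists only on the server (env var or secret store),
// never in the Angular bundle, where any user could read it.
const SERVER_SECRET = process.env.SESSION_SECRET || crypto.randomBytes(32).toString("hex");

function sign(payload) {
  return crypto.createHmac("sha256", SERVER_SECRET).update(payload).digest("hex");
}

// Issued after a successful login. Format: "<userId>.<expiryMs>.<hmac>".
// Assumption: userId contains no "." or ";" characters.
function issueSession(userId, ttlMs, now = Date.now()) {
  const payload = `${userId}.${now + ttlMs}`;
  return `${payload}.${sign(payload)}`;
}

// Secure keeps the cookie on TLS connections; HttpOnly hides it from page scripts.
function sessionCookieHeader(value) {
  return `session=${value}; HttpOnly; Secure; SameSite=Strict; Path=/`;
}

// Returns the user id for an authentic, unexpired cookie value, otherwise null.
function verifySession(cookieValue, now = Date.now()) {
  if (typeof cookieValue !== "string") return null;
  const parts = cookieValue.split(".");
  if (parts.length !== 3) return null;
  const [userId, expiry, mac] = parts;
  const expected = Buffer.from(sign(`${userId}.${expiry}`));
  const given = Buffer.from(mac);
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (!/^\d+$/.test(expiry) || Number(expiry) <= now) return null;
  return userId;
}

// Every API handler calls this first: knowing the URL alone yields 401.
function authorize(headers, now = Date.now()) {
  const m = /(?:^|;\s*)session=([^;]+)/.exec(headers.cookie || "");
  const userId = m ? verifySession(m[1], now) : null;
  return userId ? { status: 200, userId } : { status: 401 };
}
```
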
Reputation: 1758
It is not up to Angular to make your request 'secure'.
You'll have to deal with requests on server side and how to do that is up to your back end logic.
Also keep in mind that anybody can access your angular(.js) files.
Upvotes: 0