Reputation: 221
I'm asking questions about developing an application from scratch and I have some trouble: I'll have a front-end part (Angular) and a backend; they will classically communicate through a REST API on the backend. And for context: this application (front + back) will be deployed on each piece of equipment that wants to use the application, so there is no public global server API.
The question is: do I need, in this context, to authenticate requests made to the backend? Or do I have to consider that, being local web services, no authentication is required? And if I have to, knowing that a REST application must be stateless, should I use OAuth (with a little state part) + JWT, excluding HTTP Session authentication?
Thank you so much, there are some concepts I do not understand.
Edit: globally, the question is when to develop a simple REST application and when to develop an authentication part for security?
Upvotes: 1
Views: 536
Reputation: 46389
Normally the front-end should absolutely be authenticating in order to do REST services. Typically using something like OAuth so clients can each get a unique token to authenticate with.
If you are saying the server and client are both deployed on an isolated device, my first question would be why you are using that architecture? It might be okay to avoid authentication under those circumstances, but you'd really need to spell out the logic behind having a client-server separation in the first place, and consider what attacks are possible.
Upvotes: 1