Reputation: 91
I'm currently developing an Angular 6 page where we are doing some HTTP POST calls and sending the authentication as the header. The header is static (fixed password).
Are there any security differences in sending it from the Angular frontend side with HttpClient, or sending it to an endpoint in our Node.js backend (on cloud premises) and sending it from there? Our thinking is that the "header" will be "hidden" from the client since we are sending it through our backend instead.
Another note: we will have the entire site behind authentication, and the logged-in clients obviously have the right to see the authentication, but we would preferably like them not to.
Any thoughts and suggestions?
Upvotes: 1
Views: 328
Reputation: 768
Depending on what you are trying to do with your POST request: in previous projects I have worked on, we have used your second approach and used a backend to validate requests before sending them on. I have also worked with secure systems, and as a rule of thumb: don't trust the client.
Here is some information from Angular's website on security with HttpClient: https://angular.io/guide/http#security-xsrf-protection
I hope it helps.
Upvotes: 1
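The relay approach discussed in this thread, as an added example (not code from either poster): the Node.js backend attaches the static header itself, so the credential never ships in the Angular bundle or shows up in the browser's network tab. The upstream URL, the `Authorization` header name, the `UPSTREAM_AUTH` environment variable and the payload fields are assumptions.

```javascript
// Added example: relay logic for a Node.js backend. All names are assumptions.
const UPSTREAM_URL = 'https://api.example.invalid/orders'; // placeholder, fixed server-side
const ALLOWED_FIELDS = ['item', 'quantity'];               // hypothetical payload fields

// Build the outbound request. Nothing sent by the browser chooses the URL
// or any header; only allow-listed body fields are copied across.
function buildUpstreamRequest(session, clientBody, secret) {
  if (!session || !session.userId) {
    return { ok: false, status: 401, error: 'not authenticated' };
  }
  if (!secret) {
    return { ok: false, status: 500, error: 'upstream credential not configured' };
  }
  const body = {};
  for (const field of ALLOWED_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(clientBody || {}, field)) {
      body[field] = clientBody[field];
    }
  }
  return {
    ok: true,
    url: UPSTREAM_URL,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', Authorization: secret },
      body: JSON.stringify(body),
    },
  };
}

// What goes back to the browser: a status and a JSON payload only. Upstream
// error bodies are replaced so they cannot echo the credential.
function toClientResponse(upstreamStatus, upstreamJson) {
  if (upstreamStatus >= 200 && upstreamStatus < 300) {
    return { status: 200, body: upstreamJson };
  }
  return { status: 502, body: { error: 'upstream request failed' } };
}

// Framework-agnostic handler; uses the global fetch available in Node 18+.
// The credential is read from the server's environment, not from the client.
async function relayPost(session, clientBody, fetchImpl = fetch) {
  const req = buildUpstreamRequest(session, clientBody, process.env.UPSTREAM_AUTH);
  if (!req.ok) return { status: req.status, body: { error: req.error } };
  const res = await fetchImpl(req.url, req.init);
  const json = await res.json().catch(() => null);
  return toClientResponse(res.status, json);
}
```

Call `relayPost` from whatever route handler sits behind the site's existing login check, passing the authenticated session and the parsed request body.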