susdu
Reputation: 862
JWT as an API access control mechanism
how does JWT solve the problem of a web application serving the user with data from an API, while preventing the user from accessing the same API directly? Any encryption in the client side can be altered / intercepted.
Answer : it doesn't, it's impossible to protect a public API without authentication
Upvotes: 1
Views: 66
Answers (1)
Noam Hacker
Reputation: 4825
every request has a signature, changing the request will invalidate the signature
Any encryption in the client side can be altered / intercepted.
this is not true because the client does not have the private key
Upvotes: 1
Related Questions
- Are JWTs a secure option for user authentication?
- Securing Rest APIs with JWT
- JWT Token Security vulnerability and request for possible solution
- JWT authentication concept
- Using JWT to implement Authentication on Asp.net web API
- Securing a JWT token
- Central JWT authentication / authorization service
- How practical would this JWT Implementation be?
- Authentication with JWT and JSONAPI
- JWT and securing https REST api