Reputation: 1280
React. Securing communication between frontend and backend located on the same server
I have api.example.com and example.com.
I need example.com could exchange data with api.example.com but I don't want to take some extra security measures. Before now I sent request to api.example.com (axios.get("http://api.example.com")), but there I used JWT tokens. No there is no need in them, how to make secure communication?
Upvotes: 1
Views: 885
Answers (1)
Reputation: 1489
You could use a private API key to secure communication. Here's the general approach:
1.Come up with a complicated password, and use a PROVEN hashing algorithm to obfuscate it. This is your API Key.
2.Every request from the front-end to the backend should contain the API key, preferably as part of the Headers under Authorization property, like so:
Authorization: Apikey TEST_API_KEY
3.Your backend decodes the hashed value with the same hashing algorithm and compares it with the password, if it's not a match, send a 401 status!
Make sure your requests are over HTTPS as that way, the request is encrpyted.
Upvotes: 1
Related Questions
- Securing my API to only work with my front-end
- Securing an API from other web apps
- Secure API Call in React JS
- Security for React front-end and Node back-end
- What is the proper way to handle key-secured API operations with a React front-end?
- Best way to secure the communication between front-end and back-end
- Connecting front end and back end React / Node.js
- how securing a public nodejs api to only requests from the frontend
- Securely decouple backend and frontend (node.js server)
- How to secure client app (react) and API communication