We are currently implementing a web application using APIs and front-end JS libraries. One concern that is currently arising from a security point of view:
Is it an issue exposing these API calls in front-end code? Since this will be a public website, an example of an API call would be getting all available products. Is it possible for the webpage to display all available products with an API call (without the user having to sign in), but not allow others to make this call outside of the website (e.g. using a tool like Fiddler)?
I guess I am looking for an architectural pattern and/or best practices for using APIs in the front-end of publicly accessible websites.
Any guidance/links very much appreciated.