0

What is best way to secure API calls from AngularJS / HTML pages to a Laravel PHP backend?

To be clear, I'm NOT talking about user login authentication.

I'm planning an API based application. I would like to read the JSON data from my API into an page using AngularJS, before any user is asked to sign up or log in.

I need to ensure that only my client front-end can access this data. Is there an existing system to send a token or utilise my secret key, to ensure that only my front-end can access my API? I would also like to be able to revoke access from a specific client or tenant.

What are security options for this set up? I'm thinking along the lines of JWT, CORS etc... This is my first attempt at such an application, so please forgive my ignorance!

Improve this question

1 Answer 1

Reset to default
1

With CORS you can block ajax calls that doesn't come from your web application's domain by setting some header parameters. However, it's still possible to send requests in other ways (e.g. with cURL), so i wouldn't ever give sensitive informations through public APIs.

It isn't possible to be 100% sure that the call comes from your web application. If you want your API to be safe, allow only authenticated users to call it.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.