
I am creating a payment gateway integration where a merchant can allow a user to pay via card, cryptocurrency or bank wire. I want only my frontend to be able to access the API. One way of doing this is whitelisting the IP of my frontend on my Flask application, which acts as the backend. Are there any other suggestions on how to properly secure the APIs, as they will transfer really secure information over the internet?

  • You can use the JWT token header (jwt.io) for each API request and validate it in Flask. Request the JWT token during sign-in and then keep it in localStorage. Append the JWT authentication to every request header. Commented Mar 2, 2020 at 9:21

1 Answer

Three things here:

  • Token-based authentication (as Nibin already said)
  • CORS on the server side to allow requests coming from your domain name only
  • HTTPS
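
The three measures from the answer combined into one check, as an added example that is not part of the original answer: a standard-library WSGI middleware that a Flask app could attach with `app.wsgi_app = guard(app.wsgi_app)`. The origin `https://shop.example`, the demo secret and all helper names are assumptions, and a production service would normally use a maintained JWT library rather than the hand-rolled HS256 check shown here.

```python
import base64, hashlib, hmac, json, time

ALLOWED_ORIGIN = "https://shop.example"  # assumed frontend origin (hypothetical)
SECRET = b"constructed-demo-secret"      # constructed; load from a secret store

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_token(claims):  # what the sign-in endpoint would issue
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    msg = head + "." + b64e(json.dumps(claims).encode())
    return msg + "." + b64e(hmac.new(SECRET, msg.encode(), hashlib.sha256).digest())

def verify_token(token):
    """Return the claims of a valid, unexpired HS256 token, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        good = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64d(sig)):  # constant-time compare
            return None
        claims = json.loads(b64d(body))
        return claims if claims.get("exp", 0) > time.time() else None
    except (ValueError, TypeError, AttributeError):
        return None

def guard(app):
    """WSGI middleware: HTTPS only, one allowed Origin, bearer token required."""
    cors = [("Access-Control-Allow-Origin", ALLOWED_ORIGIN), ("Vary", "Origin"),
            ("Access-Control-Allow-Headers", "Authorization, Content-Type")]
    def wrapped(environ, start_response):
        def reply(status, headers=()):
            start_response(status, [("Content-Length", "0"), *headers])
            return [b""]
        https = environ.get("wsgi.url_scheme") == "https"  # assumes TLS ends here
        # Origin is only trustworthy from browsers; the token is the real control.
        if not https or environ.get("HTTP_ORIGIN", ALLOWED_ORIGIN) != ALLOWED_ORIGIN:
            return reply("403 Forbidden")
        if environ.get("REQUEST_METHOD") == "OPTIONS":  # preflight has no token
            return reply("204 No Content", cors)
        auth = environ.get("HTTP_AUTHORIZATION", "")
        claims = verify_token(auth[7:]) if auth.startswith("Bearer ") else None
        if claims is None:
            return reply("401 Unauthorized", cors)
        environ["auth.claims"] = claims  # available to the wrapped app
        return app(environ, lambda s, h, e=None: start_response(s, list(h) + cors, e))
    return wrapped
```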