
ExpressJS REST API - Best practice for internal-use-only endpoints

Use case: I'm building a MEAN stack web app that adds functionality on top of an existing API service. Said service publishes an array of approximately 800 objects (that will grow by less than 25 objects a week). In order to avoid adding lots of load to this service and to speed up performance on my app I would like to "cache" the objects in my application.

My question is what would be the best practice for keeping this "cache" up to date? Express naturally lends itself to RESTful CRUD operations but I don't want to expose a public endpoint that would allow anyone to add or modify the objects from the external service.

What is the best way to restrict access to endpoints that will only be used by the application itself? Does it require a full-fledged authentication scheme or is there a way to simply ignore requests that don't come from within the application itself? Or should this be done using something other than a RESTful API endpoint?

The simplest of all solutions would be basic auth, which is totally okay if you use SSL. A more sophisticated solution would be OAuth2.

If you don't want to implement an authentication strategy you could require a client certificate in your new MEAN stack service (2-way SSL with behavior "Client Certs Requested And Enforced").
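The basic-auth option suggested above, sketched as Express-compatible middleware for the cache-update endpoint. This is an added example, not code from the question or the answers; the name `internalOnly`, the route and the environment variable names are assumptions, and it relies on the service being served over HTTPS as the answer requires.

```javascript
// Added example: guards internal-only routes with HTTP Basic auth.
const crypto = require('crypto');

// Hash both sides so timingSafeEqual always receives equal-length buffers
// and the comparison time does not depend on where the strings differ.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(a).digest();
  const hb = crypto.createHash('sha256').update(b).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Returns middleware (req, res, next). Only a request carrying the expected
// credentials reaches the handler; everything else gets a 401.
function internalOnly(expectedUser, expectedPass) {
  return function (req, res, next) {
    const header = req.headers['authorization'] || '';
    const match = /^Basic +([A-Za-z0-9+/]+=*)$/i.exec(header);
    let ok = false;
    if (match) {
      const decoded = Buffer.from(match[1], 'base64').toString('utf8');
      const sep = decoded.indexOf(':'); // the password may itself contain ':'
      if (sep !== -1) {
        // Evaluate both comparisons before combining the result.
        const userOk = safeEqual(decoded.slice(0, sep), expectedUser);
        const passOk = safeEqual(decoded.slice(sep + 1), expectedPass);
        ok = userOk && passOk;
      }
    }
    if (!ok) {
      res.statusCode = 401;
      res.setHeader('WWW-Authenticate', 'Basic realm="internal"');
      return res.end('Unauthorized');
    }
    next();
  };
}

// Hypothetical wiring in the Express app (route and env names are assumptions):
// app.put('/internal/cache', internalOnly(process.env.CACHE_USER,
//                                         process.env.CACHE_PASS), refreshCache);
```

Public read routes stay unguarded; only the routes that add or modify cached objects get the middleware, with the credentials supplied from the environment rather than from source control.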

You can also check out Express-JWT. JWT, or JSON Web Tokens, is an easy way to add authentication to your API.
