Authenticate all Request to REST API with no username/password to get any token
Question
I am selling products, API fetch product from node back-end and show on angular front-end, Back-end is centralized and angular front-end is on multiple domain, I need to authenticate all request made from my angular front-end to node back-end. Users d't have account. I need to make sure no one else copy the product data via POSTMAN or other services. JWT is not working as request are exposed so token can be copied so authentication won't work. I need only my angular front-end can make the request and i can verify the origin of request. Can anyone suggest me what should i try next? Any help will be appreciated. Thanks in advance.
2 answers
solution1
0 ACCPTED 2017-11-28 05:52:23
Maybe something like checking the originating IP address? You should be able to get the IP in a Node Express backend with something like
if (req.ip == 127.0.0.1) // whatever IP your angular app is hosted at
solution2
0 2017-11-28 05:56:55
You can try whitelisting the front end domains either by CORS properties or use a middleware to check the request url.
Middleware Example
var whitelistedURL = ['abc.com','abc.xyz']
function(req, res, next){
if(whitelistedURL.indexOf(req.originalUrl)==-1){
res.send({
status: 'Unauthorised'
})
}else{
next()
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.