How to secure the connection to my separately API server?

Let's say I have two different servers:

On one server, I'm using a simple single-page application (SPA) with static files.
On the other server, I'm using Laravel or Lumen as an API-server.

I'm just not sure, how can I secure this connection between those two servers, so that foreign request from other servers are not able to do anything?

For example, I have a simple form on the SPA and I want to send it to the API server so that it can send me an email back to me. Nothing special. Now it's easy to find out what the endpoint is. I want to prevent others to send a request via the endpoint. How do you do it?

I have looked up for solutions. But usually, I have ended up with Laravel Passport. But that's not really what I'm looking for. I don't need OAuth. I don't have users on the SPA.

Thank you for your help!

madprabh

5 years ago

Best Answer

Level 8

If I understood your questions correctly, I think something like Laravel Sanctum can help

https://laracasts.com/series/whats-new-in-laravel-7/episodes/6

Your client(Vue SPA), however, should be in the same domain as the server for this to work.

1 like

shadrix

5 years ago

Level 12

@madprabh Ok wow. I think that's perfect. Going to try it out :) Thanks!

Edit1: There are two things that I don't understand:

Do I need to have registered users? I currently have no needs for users
Let's say I want to have users. Where does the registration of the user happen? In the video you showed me, he added the user in the backend UI. But in my case, I don't want the user to visit the backend...

Please or to participate in this conversation.