tntman's avatar

Securing API (JWT)

Hello, I am using JWT token-based auth and everything related to it.

I am not sure how I can secure my app. When I say secure, I mean how can I prevent users from making requests to my API from, for example, their desktop programs.

Since I am using axios to perform GET and POST requests, anyone can see the API endpoints cuz they are on the front end, and they can figure out the whole URI needed to send a request. After that they can basically imitate the request using Postman or any other tool out there. They can also make their own applications and perform requests to my API, and I don't want that, so what's the solution? How can I prevent this?

0 likes
4 replies
topvillas's avatar

JWT is good for authenticating users but no good for securing an API.

Get API users to generate an API key and make them send it in a header with requests. Then do any checks you need in some middleware.
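
The API-key-in-a-header check suggested in the reply above, as an added example (not code from anyone in this thread): Express-style middleware in Node.js. The `X-Api-Key` header name, the `<id>.<secret>` key format and the in-memory store are assumptions.

```javascript
// Added example. Header name, key format and in-memory store are assumptions.
const nodeCrypto = require('node:crypto');

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s, 'utf8').digest();

// Keep only hashes of issued keys, so a leaked table holds no usable keys.
const keyStore = new Map(); // keyId -> { hash: Buffer, owner: string, revoked: boolean }

// Issue "<keyId>.<secret>"; the plaintext is shown to the API user once.
function issueKey(owner) {
  const keyId = nodeCrypto.randomBytes(8).toString('hex');
  const secret = nodeCrypto.randomBytes(32).toString('base64url');
  keyStore.set(keyId, { hash: sha256(secret), owner, revoked: false });
  return `${keyId}.${secret}`;
}

// Returns the owner of a valid, unrevoked key, otherwise null.
function verifyKey(presented) {
  if (typeof presented !== 'string' || presented.length > 200) return null;
  const dot = presented.indexOf('.');
  if (dot <= 0) return null;
  const record = keyStore.get(presented.slice(0, dot));
  const candidate = sha256(presented.slice(dot + 1));
  // Unknown id: still compare against a dummy hash so timing stays uniform.
  const expected = record ? record.hash : Buffer.alloc(32);
  const match = nodeCrypto.timingSafeEqual(candidate, expected);
  return record && match && !record.revoked ? record.owner : null;
}

// Middleware: reject the request unless the header carries a valid key.
function requireApiKey(req, res, next) {
  const owner = verifyKey(req.headers['x-api-key']);
  if (!owner) {
    res.statusCode = 401;
    return res.end('invalid or missing API key');
  }
  req.apiKeyOwner = owner; // later middleware can rate-limit or authorize per owner
  return next();
}
```

A key embedded in browser code is as readable as the endpoints themselves, so a check like this identifies, rate-limits and revokes clients rather than hiding the API from them.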

tntman's avatar

"Get API users to generate an API key and make them send it in a header with requests."

Can you elaborate on this a little bit?

tntman's avatar

I saw your links and they are not providing answers to my questions.