Level 10
@talelmishali use the middleware auth to make sure everyone accessing it is your app users
Dec 27, 2020
5
Level 16
API visible to users?
Hello, I have an API route that simply returns a JSON with the product's information from the database, I use the route to for an Axios get request to push into a vue data.
When visiting the API address I can see the JSON response, how should I go about protecting it? I'm not sure I want it visible to users.
How do you usually protect your own API routes to use only from the server requests?
Level 16
auth:api will only assure me that the user can't access the URI, at the same time the XHR request fails with 401 (Unauthorized)
Level 6
I have the same doubts still.
I'm using Passport authentication to access the API for auth users, but anyhow any user can authenticate and see on the network tab and see what's going on.
So it is advisable to protect the API routes. Waiting for more answers.
Level 16
I want to be able to fetch all the products from the API route regardless of authentication of the user, I want to prevent accessing the URI, to begin with.
Level 6
I'm looking for the same thing.
Please or to participate in this conversation.