1

I have a rest service that I need to use in a browser web application using a JS MVC client framework like Backbone or Angular. But I need to ensure that my rest services are not exposed or anyone else may not be able to use my rest service to build apps on any device/client. Earlier I thought of protecting my web service using authentication credentials and hiding it behind a proxy and let the proxy serve html instead of service.

But I would like to know how can I secure my web service if I have to use it directly from front-end using ajax calls.

mickeymoon
  • 4,820
  • 5
  • 31
  • 56
  • "Earlier I thought of protecting my web service using authentication credentials" - what made you abandon this thought? As for a different approach, some of the public API's that require paying (or registration) issue unique codes that must be sent along with the request. If you serve the only web application being allowed, you could do that and make the code change often. As long as the web app and the API share the knowledge of what code is correct at a given time... – chiccodoro Aug 04 '14 at 12:21
  • I have seen public apis providing keys for authentication but then how these keys are secured inside the webapp. – mickeymoon Aug 06 '14 at 06:02
  • Can you rephrase that? What exactly do you mean by "secured inside the webapp"? – chiccodoro Aug 06 '14 at 06:35
  • What I mean is my key would be visible on the source of a web page or in the developer tools panel of the browser. How do I secure it then? – mickeymoon Aug 11 '14 at 05:02
  • I think this depends on what your security requirement is (="why" do you want to close the API?). => Is it to secure the user's data. Then you will need to introduce authentication. => Is it that you don't want others to build software using your API? Then I reckon that legal ways of protection might be more important. – chiccodoro Aug 11 '14 at 06:49
  • yes, I don't want others to build software using my API. In case I rely on legal ways is there a way I can license the use of APIs. – mickeymoon Aug 12 '14 at 10:15

0 Answers0