1

I have a spring boot based REST API deployed on a private Port 7070(embedded tomcat) which is not accessible via internet. Also, I have made a angular app which is deployed on public port 9070 which is accessible via internet.

When i am trying to login into my angular app and calling 7070 it is giving timeout error because it is private port and can't be accessed via public internet.

Is there a way to call my rest API from my angular app or i have to expose rest API on some public port (9070 is this case)?

Siddharth Singh
  • 65
  • 2
  • 12

1 Answers1

0

Yes, you need to expose it.

The angular (javascript) application will run on the client's browser - therefore, it can only communicate with the backend through the internet.

There are several security improvements, which can make this communication more secure, just a few of them:

This last one is actually the closes thing you can do to shield the backend REST endpoint from the internet. This way, you can setup your angular application, to communicate with the Proxy Server instead of the Backend Server, and the Proxy Server will redirect communication - but you still need to expose at least one port to the public internet.

ForestG
  • 17,538
  • 14
  • 52
  • 86
  • if i expose it then i have to set API access credentials at my angular app which can be visible to outside world. Is there a way to not call API from client's browser but from server side – Siddharth Singh Aug 27 '20 at 08:48
  • yes, but you have to create a mediator layer (the proxy server I mentioned, or a simple backed app) which will call your protected API. Access credentials can be shared with the outside world tho. Check out signed JWT tokens, it's exactly that, in a secure manner. – ForestG Aug 27 '20 at 09:09