Ask HN: How do I secure my REST API?
I've recently built a REST consuming web-app with a user account system. While I'm choosing not to store sensitive data such as passwords (using Google/Facebook), I'd prefer to prevent just anybody from accessing the REST endpoints. What are some good ways of doing this? The app is using the MEAN stack.
Also, security is REALLY not my forte, and this side-project isn't monumental or anything, so I'm willing to sacrifice some security for brevity and ease-of-use.
2 comments
[ 5.7 ms ] story [ 19.9 ms ] threadYou should also sanity-check your GET/POST requests, to make sure they contain ONLY what is allowed.
There are many other things you can do, but I can't think of them right now.