Ask HN: How do I secure my REST API?

1 point by lamina, almost 10 years ago

I've recently built a REST consuming web-app with a user account system. While I'm choosing not to store sensitive data such as passwords (using Google/Facebook), I'd prefer to prevent just anybody from accessing the REST endpoints. What are some good ways of doing this? The app is using the MEAN stack.

Also, security is REALLY not my forte, and this side-project isn't monumental or anything, so I'm willing to sacrifice some security for brevity and ease-of-use.

2 comments

arisAlexis, almost 10 years ago

Usually you put a filter mechanism so some endpoints are restricted. This checks for a valid token sent by the client (by sending it back to Facebook). If you find this procedure slow you can also use good old sessions (although some people consider this stateful and thus not appropriate (I am not in this camp)).
phantom_oracle, almost 10 years ago

If your API is meant for other developers to build-upon, you use public-keys and registration, just like how you registered to use Google/Facebook login.

You should also sanity-check your GET/POST requests, to make sure they contain ONLY what is allowed.

There are many other things you can do, but I can't think of them right now.
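The "contain ONLY what is allowed" check from the comment above, as an added example that is not part of the original thread: an allowlist validator for request input that rejects any field the endpoint did not declare and hands the handler a freshly built object containing only the declared fields. On a MEAN stack this matters because an extra field in a JSON body (say, `isAdmin: true`) can otherwise flow straight into a Mongoose model. The schema format, the names `validateAgainst`, `allowOnly` and `runSample`, and the sample "create comment" endpoint are assumptions made for this example.

```javascript
// Added example, not code from the original thread.
// Allowlist validation of request input: only declared fields, with the declared types, get through.

const TYPE_CHECKS = {
  string: (v) => typeof v === "string",
  number: (v) => typeof v === "number" && Number.isFinite(v),
  boolean: (v) => typeof v === "boolean",
};

// schema: { field: { type: "string"|"number"|"boolean", required?: bool, maxLength?: n, pattern?: RegExp } }
// Returns { ok: true, value } with a new object holding only allowed fields,
// or { ok: false, errors: [...] } listing every problem found.
function validateAgainst(schema, input) {
  if (input === null || typeof input !== "object" || Array.isArray(input)) {
    return { ok: false, errors: ["input must be a JSON object"] };
  }
  const errors = [];
  const value = {};

  // Reject any key the schema does not declare. hasOwnProperty.call is used so a
  // JSON key such as "__proto__" or "constructor" is not mistaken for a declared one.
  for (const key of Object.keys(input)) {
    if (!Object.prototype.hasOwnProperty.call(schema, key)) {
      errors.push(`unexpected field: ${key}`);
    }
  }

  for (const [key, rule] of Object.entries(schema)) {
    const v = input[key];
    if (v === undefined) {
      if (rule.required) errors.push(`missing field: ${key}`);
      continue;
    }
    if (!TYPE_CHECKS[rule.type](v)) {
      errors.push(`wrong type for ${key}: expected ${rule.type}`);
      continue;
    }
    if (rule.maxLength !== undefined && v.length > rule.maxLength) {
      errors.push(`${key} exceeds ${rule.maxLength} characters`);
      continue;
    }
    if (rule.pattern && !rule.pattern.test(v)) {
      errors.push(`${key} has an invalid format`);
      continue;
    }
    value[key] = v; // copied onto a fresh object, so nothing undeclared survives
  }
  return errors.length ? { ok: false, errors } : { ok: true, value };
}

// Express-style middleware factory. `where` is "body" or "query". The filtered copy
// is stored on req.validated; handlers should read from that, never from the raw input.
function allowOnly(where, schema) {
  return function inputFilter(req, res, next) {
    const result = validateAgainst(schema, req[where] || {});
    if (!result.ok) {
      return res.status(400).json({ errors: result.errors });
    }
    req.validated = result.value;
    return next();
  };
}

// Constructed sample schema: a "create comment" endpoint that accepts only text and parentId.
const COMMENT_SCHEMA = {
  text: { type: "string", required: true, maxLength: 2000 },
  parentId: { type: "string", pattern: /^[a-f0-9]{24}$/ }, // MongoDB ObjectId shape
};

// Exercise the validator on a clean body, a body smuggling an extra field, and a bad type.
function runSample() {
  const good = validateAgainst(COMMENT_SCHEMA, { text: "hi", parentId: "5f1d7a3b2c8e4f0123456789" });
  const smuggled = validateAgainst(COMMENT_SCHEMA, { text: "hi", isAdmin: true });
  const badType = validateAgainst(COMMENT_SCHEMA, { text: 42 });
  const polluted = validateAgainst(COMMENT_SCHEMA, JSON.parse('{"text":"hi","__proto__":{"isAdmin":true}}'));
  return { good, smuggled, badType, polluted };
}

console.log(JSON.stringify(runSample(), null, 2));
```

Mount it per route, e.g. `app.post("/api/comments", requireAuth(...), allowOnly("body", COMMENT_SCHEMA), handler)`, and have the handler build its Mongoose document from `req.validated` rather than `req.body`. The allowlist approach (declare what is permitted, drop everything else) is the one to prefer over blocklisting known-bad fields, which has to be updated every time the model grows.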