How to make an API secure ? #1743
Comments
|
Your App API should be making a login request and work with cookies, this way you can track who the user is and you basically get a |
|
kinda like this in my API, I'll send the user object in the backend. In the backend, exports.propertiesListByUser = function(req, res, next, id) { Property.find({req.body.username: id }).sort('-created').populate('user', 'displayName').exec(function(err, properties) { So before it starts searching for the mongodb, it should make sure, who the user is and if the login usename, password is correct and only then it would let it search in the database,
Rather than doing the whole above process, Or i can also use jwt tokens to authenticate, who the user is. I think the first method is easier. |
|
it's called authentication, doesn't matter how you implement it, you'd eventually have a req.user object with this information. |
I'm using mean js as a backend, front end I have ionic.
If have an API that should be callled only when the user is logged in, how do I make sure that the call is being made by that specific user that just logged in ?
Coz there's no any kind of token being sent from mean/ backend which makes sure who is calling the API. Your suggestions would be appreciated :-)
The text was updated successfully, but these errors were encountered: