Security measures for interacting with REST API by both frontend application and secondary backend service

I currently have a REST API backend service A that is being utilized by two other services:

  • B service, which is a web app running in a browser (on a separate node server)
  • C service, which is also a backend service (running on a separate server)

Initially, I considered using basic authentication for A-B communication. However, this approach doesn't make sense for A-C since storing credentials securely in a browser is challenging. Additionally, implementing session and tokens for A-B communication seems unconventional.

No matter what solution I consider, it feels like a constant struggle.

What do you believe would be a reasonable resolution for this type of setup?

Answer №1

It is important to have SSL for A-B in order to determine if basic auth is functioning properly.

If C will be utilizing the same APIs as B, it would be beneficial to use the same authentication methods for simplicity's sake.

An alternative option is to implement a token-based authentication system where each service (whether remote or local) authenticates and receives a token for future communication.

For further information on this topic, please visit: REST API Token based authentication
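The token flow suggested in the answer above, sketched for Node.js as an added example that is not part of the original answer: service A exchanges a credential for a short-lived HMAC-signed token, then verifies that token on every later request, whether it comes from a user of B or from service C. The client names, secrets, scopes and the 15-minute lifetime are assumptions made for illustration.

```javascript
// Added example (not from the original answer): service A issues and verifies
// HMAC-signed bearer tokens. All names, secrets and the TTL are assumptions.
const crypto = require('node:crypto');

const SIGNING_KEY = crypto.randomBytes(32); // known only to service A
const TOKEN_TTL_SECONDS = 900;              // assumed 15-minute lifetime

const b64u = (data) => Buffer.from(data).toString('base64url');
const sign = (payload) => crypto.createHmac('sha256', SIGNING_KEY).update(payload).digest();
const kdf = (secret, salt) => crypto.scryptSync(secret, salt, 32);

// Constructed credential store: only salted scrypt hashes are kept.
function makeClient(secret, scope) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: kdf(secret, salt), scope };
}
const CLIENTS = new Map([
  ['alice', makeClient('constructed-user-password', 'web')],          // user of web app B
  ['service-c', makeClient('constructed-service-secret', 'backend')], // backend service C
]);

// Login step: exchange id + secret for a short-lived token, or null on failure.
function issueToken(id, secret, now = Date.now()) {
  const client = CLIENTS.get(id);
  if (!client || !crypto.timingSafeEqual(kdf(secret, client.salt), client.hash)) return null;
  const claims = { sub: id, scope: client.scope, exp: Math.floor(now / 1000) + TOKEN_TTL_SECONDS };
  const payload = b64u(JSON.stringify(claims));
  return `${payload}.${b64u(sign(payload))}`;
}

// Per-request step: check the signature first, then the expiry; returns claims or null.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return null;
  const expected = sign(parts[0]);
  const given = Buffer.from(parts[1], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  if (claims.exp <= Math.floor(now / 1000)) return null;
  return claims;
}
```

The long-lived secret crosses the wire only at login; the browser then holds nothing more durable than a token that expires, and the `scope` claim lets A tell B's users apart from C.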

Answer №2

If you're looking to add authentication to your REST APIs, take a look at AWS API Gateway for some helpful guidance. https://aws.amazon.com/api-gateway/faqs/#security

Here's a quick summary:

  1. Utilize Access Tokens
  2. Implement Custom Authentication
  3. Enable CORS (Cross-Origin Resource Sharing)
  4. Explore Client-side SSL certificate based authentication
