What is the correct way to protect a public REST API?

This page summarizes the projects mentioned and recommended in the original post on /r/node.

  • Newman

    Newman is a command-line collection runner for Postman

    Of course, you can look into CORS, but this can only do so much and is quite easily circumvented (as others have mentioned, nothing is stopping someone from just opening Postman and creating a request targeting that endpoint).

  • frank_jwt

    JSON Web Token implementation in Rust.

    If you want to protect user data, this can be done by only supplying data to users if they have the appropriate permissions to view it. Authentication like this is usually implemented using JSON Web Tokens (JWT) and storing an authentication token in the database to match against each user session.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
