What is the correct way to protect a public REST API?

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/node.

  • Newman

    Newman is a command-line collection runner for Postman

    Of course, you can look into CORS, but this can only do so much and is quite easily circumvented (as others have mentioned, nothing is stopping someone from just opening Postman and creating a request targeting that endpoint).

  • frank_jwt

    JSON Web Token implementation in Rust.

    If you want to protect user data, this can be done by only supplying data to users if they have the appropriate permissions to view it. Authentication like this is usually implemented using JSON Web Tokens (JWT) and storing an authentication token in the database to match against each user session.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
