Thursday, August 17, 2017

Securing Laravel API to my app

I'm building an app based on Angular, which will talk to a backend database via a middleware API based on Laravel. I will probably use the dingo package.

The app will allow some users (members) to log in, authenticate and view scheduling. However, non-members won't be able to register; they will just access the non-member content.

Users will be restricted to those manually added to the database.

Non-members will still be able to use most features on the app freely.

My question is around security.

For the user authentication I will use Laravel Passport (although I'm not sure how I prevent registration at present); however, I'm concerned about securing the API to just those clients using my app (mobile, desktop, etc.) for the non-authenticated content. What is the best way to secure an API endpoint so only my apps can access it? I've looked at CORS but I'm not sure if this is the right way to do it.

If I set up some kind of token auth, can it be spoofed? Is it possible to have an API endpoint/s that authenticates the requesting call?



from Newest questions tagged laravel-5 - Stack Overflow http://ift.tt/2weng5X
via IFTTT
