Collaborate Disseminate
I’m looking into Angular and read that typescript is compiled to javascript. Is everything viewable/visible to users that I write using typescript?
With PHP I know you run code that’s only visible to the server. Does Angular also have cod… Continue reading Angular (2+) code visibility to users
I am build a website in Angular which communicates over my REST API on my backend server.
I have managed to auto-generate the code (TypeScript) for my client and now I need it to be available on deployment.
There are several ways to do … Continue reading Is it safe to publish a REST API client on npm even though the API is not intended for public use?
What possible risks/attack vectors could be introduced be allowing my server application to make outbound calls to a 3rd party REST API? The 3rd party REST API is off premises and owned and operated by the 3rd party.
In ord… Continue reading Security Risk of outbound web calls
Basically, I have a webapp which needs to check the validity of the user of an Android app. After completing the basic login flow with Facebook in the Android app, a Facebook access token is sent to the server where it is val… Continue reading Is it possible to get hacked by a redirection placed inside a Facebook Graph URL?
JWT Bearer token and stateless REST API question
I am implementing a stateless REST API. I am used to using sessions built into frameworks or 0Auth but now I am in the process of developing my own jwt bearer auth implementation instead of… Continue reading How to invalidate JWT tokens without a database lookup with each request to the server?
Is it safe to let users enter in a URL in a field in my application where the backend of the application will go fetch the data for them via the URL they provided?
To clarify, the idea was to allow users to enter a URL insid… Continue reading Is it safe to let users enter a URL in my app that queries an external REST api?
I have a React app that connects to a REST API for which I have to implement token based authentication. The only info stored in the token is the user id.
The following flow will be used:
User logs in, server sets the toke… Continue reading Token Based Authentication
This question already has an answer here:
How do I secure my REST API?
7 answers
It’s my first time building and deployin… Continue reading Golang REST API: Security checks? [duplicate]
(This is a followup to my question about a general security scheme here)
As part of an authentication scheme for a single-page application + REST API, I planned to provide authenticated clients with a short-lived access JWT … Continue reading Is it useful to have separate access tokens and refresh tokens if they’re going to be stored on the client-side as cookie?
I have a REST API that will be called by other external 3rd party servers over the internet and be used only for machine to machine communication. I am looking for mechanisms to secure this API such that only servers that I d… Continue reading Securing API access. oAuth Client Credentials vs client ID and secret