1
mundo03
6y

So, need to secure some requests.
I decided on going passwordless on the website but I want to have an API too.

I am reviewing auth0.
I am also not sure if I can secure the same endpoints as private and public differently, so the private is used by the backend with no auth and the public with auth.

Wold you guys help me with some reading material?

Comments
  • 1
  • 1
    If all the endpoints are on the same API, just secure them all, an insecure endpoint (public or not) is still insecure.

    Adding backend headers doesn’t take much or multiple requests for auth/token usage.
Add Comment