Hi everyone. I have a few questions regarding authentication/authorization for a small express API that I have running on Google Cloud Platform (GCP). Please forgive my ignorance, I'm not terribly experienced with Javascript or API development.Here's the gist of what I have:MySQL database on GCPNode.js express app on GCP with 4 endpoints, all of which retrieve information from the DBA React.js front end that makes calls to the Node.js AppA React Native mobile appMy main issue right now is that my Rest API is exposed and anyone can make requests to it. While there isn't any inherently sensitive info in the responses, it's obviously not ideal to have unwanted requests hitting your API. I was thinking the best thing to do would be to implement an API key system so that only requests with a valid key get served. So my questions are:What sort of authentication/authorization system would you recommend that I implement? (And if possible, link some documentation or a tutorial)How can I securely ensure that my front ends have valid keys? The Reactjs app will probably just be on a GCP instance as well, but the React Native app will be distributed through the google play store. How do I ensure that each app distribution gets a unique key? Does each app need a unique key?
Submitted June 29, 2020 at 11:53PM by smutje-mansur
No comments:
Post a Comment