It would be really useful to have some resources and hints on this, because at this moment all I am doing is writing a middleware before every API that does queries to check whether the user is allowed to see the requested data or not. For instance: I have an application with users, how do I make sure the user can only see its data (so with its ID) when it comes to API /users/:id?
Submitted July 11, 2017 at 08:37AM by honestserpent
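
One way to structure the per-object check asked about above is a single reusable ownership middleware instead of a hand-written query per route. This is an added example, not part of the original post; it assumes an earlier authentication step sets `req.user`, and `requireOwner`, `ownUserOnly`, `handle` and the `USERS` data are hypothetical names and constructed data.

```javascript
// Added example. Assumption: authentication has already set req.user = { id, roles }.
// USERS is constructed sample data standing in for the database.
const USERS = new Map([
  ['1', { id: '1', name: 'alice' }],
  ['2', { id: '2', name: 'bob' }],
]);

// Hypothetical helper: builds a middleware that lets a request through only
// when the resource's owner is the authenticated user, or the user has an
// allowed role. getOwnerId(req) returns the owner's id, or null if no such
// resource exists (in a real app this lookup would be an async DB query).
function requireOwner(getOwnerId, { allowRoles = [] } = {}) {
  return function (req, res, next) {
    if (!req.user) return res.status(401).json({ error: 'unauthenticated' });
    const ownerId = getOwnerId(req);
    const isOwner = ownerId != null && String(ownerId) === String(req.user.id);
    const hasRole = (req.user.roles || []).some((r) => allowRoles.includes(r));
    // "Missing" and "not yours" get the same 404 so ids cannot be enumerated.
    if (ownerId == null || (!isOwner && !hasRole)) {
      return res.status(404).json({ error: 'not found' });
    }
    return next();
  };
}

// For /users/:id the owner of the record is the user it describes.
const ownUserOnly = requireOwner(
  (req) => (USERS.has(req.params.id) ? req.params.id : null),
  { allowRoles: ['admin'] }
);

// Route handler; it runs only after the ownership check has passed.
function getUser(req, res) {
  return res.status(200).json(USERS.get(req.params.id));
}

// Stand-in for the framework (what app.get('/users/:id', ownUserOnly, getUser)
// would do in Express): run the middleware, then the handler.
function handle(req) {
  const res = {
    status(code) { this.statusCode = code; return this; },
    json(body) { this.body = body; return this; },
  };
  ownUserOnly(req, res, () => getUser(req, res));
  return { status: res.statusCode, body: res.body };
}
```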