Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to secure API resources (e.g. user registration endpoint) #263

Open
ahmedtanveer opened this issue Nov 15, 2022 · 2 comments
Open

How to secure API resources (e.g. user registration endpoint) #263

ahmedtanveer opened this issue Nov 15, 2022 · 2 comments

Comments

@ahmedtanveer
Copy link

Hi,

Thanks for the great piece of work.

How do you secure your APIs so that only your React client can access.
For e.g. if user registration endpoint isn't secured, anyone can post request and create unlimited users.
In this case, how you would secure the APIs, specifically, those endpoints which don't have Authorize attributes.

Really appreciate help in this regards. Thanks in advance.
@ahmedtanveer
Copy link
Author

Hi @kgrzybek , @kmasalski , I would really appreciate your response on my question.

@danias
Copy link

danias commented Mar 11, 2023

@ahmedtanveer an idea would be to create some sort of middleware that logs IPs and limits the number of requests they can make. This is useful even for secured endpoints because you could have a user registering and then performing a DoS attack to your system. The registration endpoints could have stricter quotas than the normal usage ones.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@danias @ahmedtanveer