Protecting REST API from outside requests via URL

So I have a REST API and when you copy it into the address bar it displays JSON of the data. With that URL hackers could insert it into a tool like Postman and delete all my data with a delete request. How can I prevent this?

… don’t code your REST API to delete things?

No, as far as I know, a REST API is like a middle man to the database. It translates objects, states, events, through the API so it can be read and stored in a database. But via the REST API URL, hackers can delete everyone. Which is exactly my problem.

But it can only translate the events you tell it to translate into actions. Unless you’ve set up a premade API that just does everything.

What exactly have you coded?

You should be using Auth tokens.

And as @m_hutley said, you should not be exposing things like delete all users. You should be making sure you’re protecting yourself from SQL injection as well.


Okay. Sounds kind of complicated. Where can I find a guide to implement this?

What is your backend? Express?

Yes, it is.

Auth0 is probably the easiest solution.

You're the best! Thank you so much!
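Added example (not part of the thread and not any poster's or Auth0's code): a minimal sketch of the "auth tokens" advice as Express-style middleware, so a bare DELETE sent from Postman without a valid token gets a 401. The HMAC token format, the `API_TOKEN_SECRET` variable, the `sub`/`role`/`exp` claims and the `/users/:id` route are assumptions made for illustration; they stand in for tokens issued by a provider such as Auth0.

```javascript
const crypto = require('node:crypto');

// Assumption: the signing secret comes from the environment; the fallback is a
// constructed demo value so the example runs offline.
const SECRET = process.env.API_TOKEN_SECRET || 'constructed-demo-secret';

// Token format constructed for this example: base64url(JSON claims) + "." + base64url(HMAC-SHA256)
function signToken(claims, secret = SECRET) {
  const body = Buffer.from(JSON.stringify(claims)).toString('base64url');
  const mac = crypto.createHmac('sha256', secret).update(body).digest('base64url');
  return `${body}.${mac}`;
}

// Returns the claims if the signature is valid and the token has not expired, else null.
function verifyToken(token, secret = SECRET, now = Date.now()) {
  const [body, mac] = String(token).split('.');
  if (!body || !mac) return null;
  const expected = crypto.createHmac('sha256', secret).update(body).digest();
  const given = Buffer.from(mac, 'base64url');
  // Constant-time comparison; the length check is required by timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  return claims.exp > now ? claims : null;
}

// Authentication: Express middleware signature (req, res, next).
function requireAuth(req, res, next) {
  const header = req.headers.authorization || '';
  const token = header.startsWith('Bearer ') ? header.slice(7) : '';
  const claims = verifyToken(token);
  if (!claims) return res.status(401).json({ error: 'missing or invalid token' });
  req.user = claims;
  next();
}

// Authorization: a user may delete only their own record unless they are an admin.
function canDeleteUser(req, res, next) {
  if (req.user.role === 'admin' || req.user.sub === req.params.id) return next();
  res.status(403).json({ error: 'forbidden' });
}

// Wiring in an Express app (route and handler names are hypothetical):
//   app.delete('/users/:id', requireAuth, canDeleteUser, deleteUserHandler);
```

GET routes that return private data need the same `requireAuth` guard; the URL being known is not the problem, an unauthenticated handler behind it is.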

