I am building a site which exposes a few API calls for me to call from our in-house software. What’s the best approach to secure these API endpoints? I just really need something like an API key that we keep secret and our in-house app uses.
I’m looking into adding this:
https://github.com/bunkerity/bunkerized-nginx
to my droplets to improve security. With nginx you can also limit access to specific pages or URLs. I know this doesn’t give an answer to your question regarding basic authentication for your APIs. Here is a link to some Wappler doc:
https://docs.wappler.io/t/api-connector-components-how-to-use-and-connect-rest-curl-apis/3799
I do this using the username/password option in a security provider I place at the start of the Server Action… then I call the Server Action as a post API call specifying the username/password combination from elsewhere.
(Which in my case is also my app in Wappler as I have reusable APIs from before we had library components)…
Thanks @Antony. I was on the right track then as that’s what I implemented.
I was testing it out using Postman and tried to use the username and password authentication as part of the GET but it just returns unauthorized.
Glad you are on the same page… and yes, it needs to be a post!
Hi guys,
I tried several ways to use an authorization in the header but did not find a way to receive this value inside the API code. I tried with $_POST , $SERVER.HTTP
Has anyone used this method to authenticate, or is username/password the best way?
Thanks
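For the header-based key asked about above, here is an added example in plain PHP (not code from this thread and not Wappler's own Server Connect code) that reads the `Authorization` header and compares the key in constant time. The `API_KEY` environment variable, the `Bearer` scheme and the function names are assumptions made for the example.

```php
<?php
// Added example, plain PHP. Assumed names: API_KEY env var, "Bearer" scheme.

// Request headers are never in $_POST; PHP exposes them as HTTP_* keys in
// $_SERVER. Apache with CGI/FastCGI may drop Authorization unless it is
// passed through, or expose it with a REDIRECT_ prefix after a rewrite.
function authorization_header(array $server): ?string
{
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $name) {
        if (!empty($server[$name])) {
            return trim($server[$name]);
        }
    }
    return null;
}

// Extract the token from "Bearer <token>"; null if absent or malformed.
function bearer_token(array $server): ?string
{
    $header = authorization_header($server);
    if ($header === null || !preg_match('/^Bearer\s+(\S+)$/i', $header, $m)) {
        return null;
    }
    return $m[1];
}

// Constant-time comparison; an empty expected key always fails closed.
function is_authorized(array $server, string $expectedKey): bool
{
    $token = bearer_token($server);
    return $expectedKey !== '' && $token !== null && hash_equals($expectedKey, $token);
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests for an offline check of the three cases.
    $samples = [
        'valid'   => ['HTTP_AUTHORIZATION' => 'Bearer demo-key'],
        'renamed' => ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer demo-key'],
        'missing' => ['REQUEST_METHOD' => 'POST'],
    ];
    foreach ($samples as $label => $server) {
        printf("%s: %s\n", $label, is_authorized($server, 'demo-key') ? 'allow' : 'deny');
    }
    exit(0);
}

// Endpoint guard: reject before any other work is done.
if (!is_authorized($_SERVER, getenv('API_KEY') ?: '')) {
    http_response_code(401);
    header('WWW-Authenticate: Bearer');
    exit('unauthorized');
}
```

The key only stays secret if the endpoint is served over HTTPS, since the header travels in clear text otherwise.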