I am currently building an application.
My front end is developed using React and Axios (for API call requests). It is served directly by Vercel on mydomain.com.
My back end is developed using Django and Django Rest. It is served with apache2 on api.mydomain.com. It only serves API endpoints.
So the front-end and back-end are separated.
I would like to return the entire data in encrypted form as an API response and then decrypt it in the front-end app (React).
Do you have any idea of what I could do to achieve this?
Thanks a lot in advance for your answers.
CodePudding user response:
That's such an interesting question.
If you want encryption, I think you should look into SSL encryption (using https instead of http). SSL encrypts the data between client and server. You would still need to make API endpoints inaccessible to unauthorised users.
There is a great article about securing Django API by using JWT tokens.
You can set up a login endpoint that would retrieve the tokens from Django upon successful login.
These tokens can then be used by React to access the secure Django endpoints. As an additional layer of security, you could make these tokens short-lived; in the unlikely case someone intercepts the tokens, they will expire and the hacker will lose access to your API.
SSL + JWT tokens should address your needs :)
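The short-lived token flow described in the answer above, as an added example that is not part of the original post or the article it mentions. It is a standard-library HS256 issue/verify pair standing in for a JWT library; `SECRET`, `ACCESS_LIFETIME` and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: key known only to the Django back end
ACCESS_LIFETIME = 300                # assumption: access tokens live for 5 minutes

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user_id, now=None):
    """What the login endpoint hands back once the credentials check out."""
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "iat": now, "exp": now + ACCESS_LIFETIME}
    payload = _b64(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64(_sign(header + '.' + payload))}"

def verify_token(token, now=None):
    """What a protected endpoint does with the 'Authorization: Bearer ...' value."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64(header_b64))
        sig = _unb64(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise PermissionError("malformed token") from exc
    # Pin the algorithm instead of trusting whatever the header claims.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    # Constant-time comparison; claims are parsed only after the signature holds.
    if not hmac.compare_digest(sig, _sign(header_b64 + "." + payload_b64)):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(payload_b64))
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    return claims
```

In a real Django REST project a maintained JWT library would take the place of these two functions; the `exp` check is the part that bounds how long an intercepted token stays useful.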