Home > Net >  How to build Front-End apart from Back-End with security?
How to build Front-End apart from Back-End with security?

Time:12-10

I have some knowledge of Vue and Experience with Django, wanted to know if there’s a way to safely create an app with nuxt and django rest framework.

I saw that Nuxt is not a server framework and e only works for doing ssr for Vue, so i was wondering how would i do to use it with drf, i thought about using and api key but since the vue app in client-side would have to access the API directly (e.g: submitting forms) would be a breach, right? like, my API cannot be open to everyone and i cannot store api credentials inside vue app.

Is there a way to use Nuxt & Django Rest Framework together?

CodePudding user response:

I've already answered questions regarding if Nuxt is private and how to make secure calls, reading some of those can be a nice start.

Overall, the practice of having such communication is totally common and can be achieved with a JWT. The main points are:

  • you create an async pair of keys with Django (like SSH does)
  • keep the private key on your Django server
  • expose your public key on the Nuxt site
  • force authentication before doing anything sensitive (using a global middleware)
  • enjoying fully protected communication
  • if somebody tries to break the client-side code, he will still not be able to access the most important part (the actual data in your database)

There are plenty of tutorials on the Web on how to achieve a working JWT flow.

  • Related