
Apologies in advance for what might be a stupid question. I am still a student and I have not been able to find a meaningful answer to this.

My question is regarding the security of APIs as it relates to client side rendering. Recently, I've been making web applications using Vue.js or React, and letting them make requests to a backend API.

Since both of these frameworks are made with Client Side Rendering in mind, however, I am wondering how this may impact the security of my API. Since the requests are being handled client-side, what prevents anyone from looking at the code of my website and viewing the API endpoints, reverse engineering them, and making their own requests and messing with data (especially on User account endpoints)?

I assume this is a common issue in web development, but what is the convention for dealing with this?

Thanks in advance.

Andys1814
  • What do your APIs do? They return some data or handle "form" submissions. What if you used server-side rendering? Then your server would return some data or handle form submissions, just wrapped in HTML instead of (probably) JSON. No. Fundamental. Difference. Same problems either way. – deceze Jan 09 '21 at 19:46
  • @deceze You make a good point, but it doesn't really answer my question. In server side rendering, the logic of where the data comes from is hidden from the user. In client side rendering, the API endpoints are visible in plain sight if any user decides to view the source of my website. For example, they could see a GET request being performed on some users endpoint (http://myapi.com/users/). I am asking, how is this not a security flaw? What prevents malicious users from using that API endpoint to get user data from my website? – Andys1814 Jan 09 '21 at 20:00
  • How are endpoints any more hidden in server side rendering‽ They’re usually exactly the URLs you see in the address bar. – deceze Jan 09 '21 at 20:26

0 Answers