API Token Authentication & Endpoint Protection
rbaker26 opened this issue · comments
Bob Baker commented
Description:
If wee want to open up the API for others to use, wee need a way to issue and track API token to prevent spamming of the APi.
The GUI should also auth to the API for its requests
To-Do List
- Research best way to implement a secure API
- Identify needed Azure Resources
- MSSQL, CosmosDB, AD DS, API Gateway, etc..
- Auth the GUI or establish level of trust
- Build a portal to request an API Token for integrators
Possible Resources:
https://docs.microsoft.com/en-us/dotnet/architecture/microservices/secure-net-microservices-web-applications/
https://josef.codes/asp-net-core-protect-your-api-with-api-keys/
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad
Bob Baker commented
prob not necessary at this point
can revisit later if need be