0

I am trying to make an HTTP call to our legacy APIs. These APIs use basic authorization.

When making a call from an Angular app, I have to pass this authorization token which is not a problem. My concern is that anyone can sniff the token from the Angular app, and that would allow them to make calls to our APIs.

How can I call existing APIs without compromising the token?

4
  • You can't. If the client-side app needs a token, the user can access it. Commented Aug 21, 2020 at 9:35
  • Is there another way of doing this? To make calls to the API more secure? Commented Aug 21, 2020 at 9:36
  • 2
    One way to do it is to create a server in between your client app and the API; it will take care of the security concern. Remember that the frontend is public: anything can leak from public cookies, local storage, session storage, etc. Commented Aug 21, 2020 at 9:36
  • As @TZiebura says, you need a server to proxy those requests from your client to the legacy APIs and add the token. Then the token isn't available to the client (and you can also do validation etc. before sending client data to those APIs). Commented Aug 21, 2020 at 9:40
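
The proxy approach suggested in the comments above, sketched for Node.js as an added example (not code from the question or from any commenter). The route patterns, the `cfg` fields and the `isLoggedIn` session hook are assumptions; the Basic credentials exist only on the server and are attached after the request passes an allow-list.

```javascript
// Added example. Route patterns, cfg fields and isLoggedIn are assumptions.
const ALLOWED_PATHS = [/^\/api\/orders(\/\d+)?$/, /^\/api\/customers\/\d+$/];
const FORWARDED_HEADERS = ["accept", "content-type"];

// Turn a browser request into the upstream request, or return null to reject.
// cfg = { origin, user, pass }: kept on the server, e.g. read from process.env.
function buildUpstreamRequest(method, url, headers, cfg) {
  // Parsing normalises "../" segments before the allow-list check; only the
  // path and query are reused, so the client cannot pick the upstream host.
  let parsed;
  try { parsed = new URL(url, "http://proxy.invalid"); } catch { return null; }
  if (!["GET", "POST"].includes(method)) return null;
  if (!ALLOWED_PATHS.some((re) => re.test(parsed.pathname))) return null;

  // Copy only known-safe headers: a client-sent Authorization or Cookie
  // header never reaches the legacy API.
  const out = {};
  for (const name of FORWARDED_HEADERS) {
    if (headers[name]) out[name] = headers[name];
  }
  const basic = Buffer.from(`${cfg.user}:${cfg.pass}`).toString("base64");
  out.authorization = `Basic ${basic}`;
  return { url: cfg.origin + parsed.pathname + parsed.search, method, headers: out };
}

// HTTP wiring (Node 18+ for global fetch). cfg.isLoggedIn(req) is a
// hypothetical hook for the app's own user session check.
function startProxy(cfg, port) {
  const http = require("node:http");
  const server = http.createServer(async (req, res) => {
    const up = cfg.isLoggedIn(req)
      ? buildUpstreamRequest(req.method, req.url, req.headers, cfg)
      : null;
    if (!up) return res.writeHead(403).end();
    try {
      const chunks = [];
      for await (const c of req) chunks.push(c);
      const body = up.method === "POST" ? Buffer.concat(chunks) : undefined;
      const r = await fetch(up.url, { ...up, body });
      res.writeHead(r.status, {
        "content-type": r.headers.get("content-type") || "text/plain",
      });
      res.end(Buffer.from(await r.arrayBuffer()));
    } catch {
      res.writeHead(502).end();
    }
  });
  return server.listen(port, "127.0.0.1");
}
```

The Angular app then calls the proxy with the user's own session, and the legacy API should accept traffic only from the proxy host.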

1 Answer

-2

The user can reach any storage on the client side (for example, via the console). So, you cannot hide it.

So, you can just save this token and set it on the request with HttpInterceptor:
