Hi,

We only want to use an exposed REST API between the modules in our applications. The API is protected with basic authentication, but anyone with a username / password has access to the API if they know the direct URL. We want to extend our API security.

Any advice how we can secure the exposed REST API so that it only communicates with our modules?

Thanks,

Jeffrey

Hi Jeffrey Meijer,

In that scenario (only certain modules are authorized to use your API), did you consider to use a token between those modules (one that is internal to your application only)?

Does it help?

Marco Arede wrote:

Hi Jeffrey Meijer,

In that scenario (only certain modules are authorized to use your API), did you consider to use a token between those modules (one that is internal to your application only)?

Does it help?

Thanks Marco. We also thought about a direction you are suggesting. We were wondering if other developers are facing the same challenge as we do. Other suggestions are still welcome :-)