Monday, 6 February 2017

How to secure APIs when there is no user authentication system

I am trying to secure all my API calls using JWT. The thing is, we don't have an authentication system in our product. If a user wants to book any product, he/she can come and do it directly as a guest user. Last week someone automated our message API and sent 10000 msgs to random. I know this sounds bad. So we are planning to provide some security through JWT. We thought of making an API call and sending the token when the page first loads; this token will be used by the user for making API calls, and we will make it expire in an hour. But I see no point, since any user who comes to the website will get a token; basically there is no authentication. So what should be my approach? We are using Node.js as the backend and React as our frontend.
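The scheme described in the question (a token handed out on first page load, valid for an hour), sketched with Node's built-in crypto module as an added example that is not part of the original post. `SECRET`, `issueGuestToken` and `verifyGuestToken` are hypothetical names; the check shows that such a token proves only that the server issued it and that it has not expired, since every visitor receives one.

```javascript
// Added example (not from the original post): guest JWT issued on page load.
const nodeCrypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: server-side HMAC key
const TTL_SECONDS = 3600;                 // "expire in an hour", as in the post

const b64url = (input) => Buffer.from(input).toString('base64url');

function sign(data) {
  return nodeCrypto.createHmac('sha256', SECRET).update(data).digest('base64url');
}

// Issued to every visitor: no credentials are checked, so the only
// claims are a random guest id, the issue time and the expiry.
function issueGuestToken(now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({
    sub: 'guest-' + nodeCrypto.randomUUID(),
    iat: now,
    exp: now + TTL_SECONDS,
  }));
  const body = header + '.' + payload;
  return body + '.' + sign(body);
}

// Returns the claims if signature and expiry check out, otherwise null.
function verifyGuestToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = Buffer.from(sign(header + '.' + payload));
  const given = Buffer.from(sig);
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    const hdr = JSON.parse(Buffer.from(header, 'base64url').toString());
    if (hdr.alg !== 'HS256') return null; // accept only the algorithm we issue
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  } catch { return null; }
  if (typeof claims.exp !== 'number' || now >= claims.exp) return null;
  return claims;
}
```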



