I have built a ReactJS Frontend with GoLang Backend. All the data is being requested/sent by ReactJS from/to Golang Backend using REST APIs.
I am quite confused about what would be the best way to secure my API requests so that one does not programmatically hit my backend server and make undesired changes. Any advice will be really appreciated.
I have been exploring JWT tokens and CSRF tokens but am not going anywhere with how to exactly implement it in my application due to my lack of expertise in the API security domain.
Some further details about my application are:
- The frontend and backend server are separate.
- The frontend server is using Nginx to serve the static files.
- A new token should be generated every time the page is opened and it should be valid for no more than 8 minutes.
Please suggest to me what would be the best way to secure my REST APIs given the structure of my application.
P.S.: There is no login or any other mechanism for this page which would establish the authenticity of the user.
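
An added example, not part of the original post: one way the Go backend could issue a fresh token on each page open and reject it once 8 minutes have passed, using an HMAC-signed expiry instead of a full JWT library. The token layout, the function names `sign`, `issueToken` and `verifyToken`, and the demo key are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
	"time"
)

const tokenTTL = 8 * time.Minute // lifetime asked for in the question

// sign returns the base64url HMAC-SHA256 of payload under the server-side key.
func sign(key []byte, payload string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// issueToken builds "<nonce>.<expiry-unix>.<mac>" for a page opened at now.
func issueToken(key []byte, now time.Time) (string, error) {
	nonce := make([]byte, 16) // random part, so every page load gets a distinct token
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	payload := base64.RawURLEncoding.EncodeToString(nonce) + "." + strconv.FormatInt(now.Add(tokenTTL).Unix(), 10)
	return payload + "." + sign(key, payload), nil
}

// verifyToken checks the MAC in constant time first, then the signed expiry.
func verifyToken(key []byte, token string, now time.Time) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || !hmac.Equal([]byte(parts[2]), []byte(sign(key, parts[0]+"."+parts[1]))) {
		return fmt.Errorf("malformed or forged token")
	}
	exp, err := strconv.ParseInt(parts[1], 10, 64)
	if err != nil || now.Unix() >= exp {
		return fmt.Errorf("token expired")
	}
	return nil
}

func main() {
	tok, _ := issueToken([]byte("constructed-demo-key"), time.Now()) // constructed key, demo only
	fmt.Println(tok, verifyToken([]byte("constructed-demo-key"), tok, time.Now()))
}
```

Because the page has no login, a token like this only bounds how long a value obtained from the backend stays usable and stops a client from forging or extending one. Any client that can open the page can still request a token, so rate limiting and server-side validation of every write remain necessary.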