Secure API requests from React to Django backend

I have a web app. It consists of services deployed on Docker Engine. The main services/containers are:

  • Frontend: React on Nginx web server
  • Backend (API): Django, DRF on gunicorn on Nginx

For the frontend I use Auth0. It works as expected. If a user is not authenticated/authorized, they are redirected to the login page.

Now I also want to “secure” my backend so that it only accepts authenticated connections from the frontend.
For the backend (Django) I also have CORS enabled (django-cors-headers package), but I can still connect to my-site/api/ from my browser and get a response.
How should I secure my requests?

Hello @k.impolevicius and welcome to the community!

Great question! This is typically achieved by creating an access token to be validated by your backend. The following resources should be helpful in steering you in the right direction:

https://auth0.com/docs/microsites/protect-api/protect-api

Hope this helps!
