Hey all,
bit of a curious question, and I would love to hear how others would go about solving it.
I’ve got a node/express API, as well as a Nuxt JS client app.
My API functions in the way that there are a bunch of /public endpoints, as well as /private, which depending if a user is signed in, can and cannot access. Easy enough, and this is working.
What I really want to do however is also secure my API, in particular some of the /public endpoints, as they hold valuable data, which I don’t want say, competitors to be able to access by simply hitting a GET against them. I understand they can still scrape.
In my head, when the Nuxt app inits, it trades a username/password with the server, for access to even call the API, then if someone logs in, they essentially do another exchange, for the deeper level of access.
Any resources on how to go about this using Auth0?