Use Auth0 for both API access and user access?

Hey all,

Bit of a curious question, and I would love to hear how others would go about solving it.

I’ve got a Node/Express API, as well as a Nuxt JS client app.

My API functions in such a way that there are a bunch of /public endpoints, as well as /private ones, which a user can or cannot access depending on whether they are signed in. Easy enough, and this is working.

What I really want to do, however, is also secure my API, in particular some of the /public endpoints, as they hold valuable data which I don’t want, say, competitors to be able to access by simply hitting a GET against them. I understand they can still scrape.

In my head, when the Nuxt app inits, it trades a username/password with the server for access to even call the API; then, if someone logs in, they essentially do another exchange for the deeper level of access.

Any resources on how to go about this using Auth0?

Hi @christoffer.jjohanse,

Welcome to the Community!

As far as I know, there isn’t really a way to secure the API call from a public client without some sort of user credential. If you added a secret, your competition could easily just grab the secret from the public client and make requests as if they were that client, no need for traditional HTML scraping.

Here is an IS Stack Exchange topic about it.
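The point made in the reply above, as an added example that is not part of the original thread and is not Auth0's API: it shows what the API can actually conclude from an app-level key shipped in the public bundle compared with a token bound to a signed-in user. The `x-app-key` header, the key value, the user id and the HMAC-signed token (standing in for an access token issued after login) are all assumptions constructed for illustration.

```javascript
// Added example with constructed values; the token format is a stand-in, not Auth0's.
const crypto = require("node:crypto");

const APP_KEY = "nuxt-app-key-123";            // constructed; shipped inside the public Nuxt bundle
const SIGNING_SECRET = crypto.randomBytes(32); // stays on the server, never sent to a browser

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Issued only after a user's own credentials have been verified at login.
function issueUserToken(sub, ttlSeconds, now = Date.now()) {
  const body = b64({ sub, exp: Math.floor(now / 1000) + ttlSeconds });
  const sig = crypto.createHmac("sha256", SIGNING_SECRET).update(body).digest("base64url");
  return `${body}.${sig}`;
}

// Returns the verified claims, or null if the token is forged, malformed or expired.
function verifyUserToken(token, now = Date.now()) {
  const [body, sig] = String(token).split(".");
  if (!body || !sig) return null;
  const expected = crypto.createHmac("sha256", SIGNING_SECRET).update(body).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  return claims.exp > Math.floor(now / 1000) ? claims : null;
}

// What the API can conclude about a request from its headers alone.
function classify(headers) {
  const auth = headers.authorization || "";
  const claims = auth.startsWith("Bearer ") ? verifyUserToken(auth.slice(7)) : null;
  if (claims) return { level: "user", sub: claims.sub };
  // The app key only proves the sender has seen the bundle, which anyone can download.
  if (headers["x-app-key"] === APP_KEY) return { level: "anonymous-with-app-key" };
  return { level: "anonymous" };
}

// Constructed requests: the real Nuxt app, a script reusing the same key, a signed-in user,
// and a token whose signature was not produced by the server.
const fromNuxtApp = classify({ "x-app-key": APP_KEY });
const fromScript = classify({ "x-app-key": APP_KEY, "user-agent": "curl/8.0" });
const fromUser = classify({ authorization: `Bearer ${issueUserToken("user|1", 300)}` });
const forged = classify({ authorization: `Bearer ${b64({ sub: "user|1", exp: 9999999999 })}.AAAA` });

console.log(fromNuxtApp.level === fromScript.level); // the server cannot tell these two apart
console.log(fromUser, forged);
```

Only the user-bound token gives the server something that a copy of the client bundle does not contain, which is why the reply ties API protection to a user credential.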
