API Authentication
Closed this issue · 1 comments
s2t2 commented
Right now for testing purposes the API is accepting requests without verifying they originate from the client application. Before moving beyond the testing phase, the API should implement a mechanism for authenticating the client application.
s2t2 commented
I think maybe instead of using IP-related checks or API keys, we should pass a token from the client to the server in request headers. Resources: