Security of APIs

[ShokoufehSimab]

Hi,
I have a question.
For now, our clients can access all APIs without doing login( from URLs ) . How Can I secure my APIs endpoints and protege my APIs from access without login?
Best Regards

[nhathoang989]

Hi @ShokoufehSimab,
Please pull the latest code from develop,
The APIs, which inherit BaseAuthorizedRestApiController, were Authorized with JWT Bearer token.
Or you can add Authorize Attribute for the API that you want to protect
Ex: [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]

[MT-Dev06]

Hi @nhathoang989,

I'm looking for an api that handle the pages, I found this file :
https://github.com/mixcore/mix.core/blob/master/src/Mix.Cms.Api.RestFul/Controllers/v1/Pages/ApiPagePortalController.cs
but it contains only the endpoint that retrieve all pages, are there other endpoints that retrieve/delete/modify a single page ? thanks

[nhathoang989]

Hi @MT-Dev06

We already implemented all of the restful APIs (GET, PUT, POST, PATCH, DELETE) and some other common methods in BaseAuthorizedRestApiController.

Currently, I just want to override the endpoint that retrieves the list pages In ApiPagePortalContrller.
You can override other endpoints if you want to,