I have an application on the frontend of a server, which needs to communicate with a REST API on another server, without the client having to log in.
I'm assuming you mean that on a server S you have a web application WA, consisting of both a backend and a front-end.
The app that will request or send whatever it takes to authenticate.
By app, I understand the backend part of the web application.
This API generates tokens for authorization. How to securely request the token via the frontend and securely store it too?
If you want security, never manage tokens on the client side - in fact, never trust client-side integrity. Suggested implementation:
- Keep application credentials (secret key, application ID, etc.) in the backend exclusively.
- If the user of the WA application needs remote REST API custom content, get the remote credentials and store them in the back-end (e.g. user U1, remote token).
- Your web application should relay calls only to your own back-end; if you need remote REST API content, make a connection from the back-end.
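The relay pattern from the list above, as an added example that is not part of the original post: the browser holds only an opaque session id, while the application credentials and the per-user remote token stay in the back-end. `FakeRemoteApi`, `Backend`, the `/items` path and the credential values are hypothetical names constructed for this sketch.

```python
import secrets

class FakeRemoteApi:
    """Constructed stand-in for the remote REST API so the sketch runs offline."""
    def __init__(self, app_id, app_secret):
        self._creds = (app_id, app_secret)
        self._tokens = {}  # token -> user

    def issue_token(self, app_id, app_secret, user):
        if (app_id, app_secret) != self._creds:
            raise PermissionError("bad application credentials")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = user
        return token

    def get(self, path, headers):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        user = self._tokens.get(token) if scheme == "Bearer" else None
        if user is None:
            return 401, {"error": "unauthorized"}
        return 200, {"path": path, "owner": user}

class Backend:
    """Back-end of WA: the only place credentials and remote tokens live."""
    ALLOWED_PATHS = {"/items"}  # hypothetical allow-list; not an open relay

    def __init__(self, remote, app_id, app_secret):
        self._remote = remote
        self._app_id, self._app_secret = app_id, app_secret
        self._sessions = {}       # opaque session id -> user
        self._remote_tokens = {}  # user -> remote API token

    def open_session(self, user):
        # The browser only ever receives this opaque id, typically as an
        # HttpOnly, Secure, SameSite cookie.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        return sid

    def relay_get(self, sid, path):
        user = self._sessions.get(sid)
        if user is None:
            return 401, {"error": "no session"}
        if path not in self.ALLOWED_PATHS:
            return 403, {"error": "path not allowed"}
        token = self._remote_tokens.get(user)
        if token is None:  # requested server-side on first use, then reused
            token = self._remote.issue_token(self._app_id, self._app_secret, user)
            self._remote_tokens[user] = token
        return self._remote.get(path, {"Authorization": "Bearer " + token})
```

In a deployment the application credentials would be loaded from the back-end's environment or a secret store, and the token map would live in a server-side session store rather than process memory.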