What to use to connect to the Internal Only Access Api Web

0

I am a beginner and I built a Mobile application in C # that connects to an Api Web. However, Web Api will be on a server that has only internal access, which theoretically would protect the DB. How can I make my (public) application have access to this Web Api that only allows internal access? I create another Api Web with external access that will call this Web Api? A Proxy? If you can indicate some material or example, thank you.

    
asked by anonymous 21.07.2016 / 17:32

1 answer

1

This question is very opinionated and depends on your specific scenario.

I'll try to list some scenarios that might look like yours, but then it's up to you which one is best:

  • If it is impossible to make public the Web API that is currently restricted, and it is also impossible to access the database outside of this API, then there is only one way, to make a Proxy and implement in the restricted API everything required

  • If you can access the database outside of this API, then it may be best to use some restricted API functions when possible, and when you need to directly access the database, this is really necessary ... or else use the first alternative not to break the encapsulation if this is a system premise.

  • If the restricted API can be published, some kind of authentication can be used, in which the user passes a appKey key that could be used in conjunction with the referrer if it is an API to use directly from the browser (type, if the referrer is not the registered domain for that appKey then access is denied). So it would be necessary for the client (user) to register the app inside your system

21.07.2016 / 18:52