alefort
commented
8 years ago Looks like token based api auth is the way to go. But I'm still not sure, since I would need to expose a username/password in the client side. How can I protect the username/password on the client side so that no one else can poach it?
API Calls should only come from authorized parties, ie: our web app, nowhere else. We have reverse engineered some useful data, its ours!