You can use route middleware to filter the endpoint from unauthorized access; you can also use https://github.com/thephpleague/oauth2-server as OAuth2 authentication to protect your API endpoint.
For example, if I run
curl -X DELETE http://localhost:8080/SlimStarter/public/admin/user/1
I can delete the user with id 3. Obviously, in a production environment, it wouldn't take very long for someone to start screwing the data up by making malicious POST / PUT / DELETE requests to the API.
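To make the route-middleware suggestion above concrete, here is an added example (not SlimStarter's own code) of a Slim 2-style route middleware that refuses requests to the `/admin` group unless the session carries an authenticated admin user. The session layout (`$_SESSION['user']` with a `role` field), the `/admin/user/:id` route, and the commented-out `User::destroy()` call are assumptions for illustration; wire them to the project's real auth and model code.

```php
<?php
// Added example (not SlimStarter's code): Slim 2-style route middleware that
// blocks unauthenticated POST/PUT/DELETE requests under /admin.
// Assumptions: the login code stores the user in $_SESSION['user'] with a
// 'role' field, and user ids are numeric.
require 'vendor/autoload.php';

session_start();

$app = new \Slim\Slim();

// Route middleware: Slim 2 runs this callable before the route callable.
// halt() throws \Slim\Exception\Stop, so nothing below it executes.
$requireAdmin = function () use ($app) {
    $user = isset($_SESSION['user']) ? $_SESSION['user'] : null;

    if ($user === null) {
        // No session at all: the anonymous curl DELETE ends here with 401.
        $app->halt(401, json_encode(array('error' => 'authentication required')));
    }

    if (empty($user['role']) || $user['role'] !== 'admin') {
        // Logged in, but not allowed to manage users.
        $app->halt(403, json_encode(array('error' => 'forbidden')));
    }
};

// Attach the middleware to the whole group so every /admin route inherits it,
// rather than remembering to add it to each POST/PUT/DELETE route separately.
$app->group('/admin', $requireAdmin, function () use ($app) {

    $app->delete('/user/:id', function ($id) use ($app) {
        // Reject malformed ids before touching storage (assumed numeric ids).
        if (!ctype_digit((string) $id)) {
            $app->halt(400, json_encode(array('error' => 'invalid id')));
        }

        // Placeholder for the project's real model call, e.g. User::destroy($id).
        // User::destroy((int) $id);

        $app->response->headers->set('Content-Type', 'application/json');
        echo json_encode(array('deleted' => (int) $id));
    });
});

$app->run();
```

With this in place, the unauthenticated `curl -X DELETE .../admin/user/1` from above gets a 401 instead of deleting anything. One caveat: because this check relies on the session cookie, a browser that is logged in as admin will send that cookie on a cross-site request too, so state-changing routes still need a CSRF token (or a bearer token, as with the OAuth2 server suggested above) in addition to the session check.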