xsanisty / SlimBoard

Starter Application built on Slim Framework in MVC (and HMVC) environment
http://www.xsanisty.com/project/slim-starter
MIT License
287 stars, 71 forks

How can you secure the API endpoints? #11

Closed: StyxOfDynamite closed 9 years ago

StyxOfDynamite commented 10 years ago

For example, if I run

curl -X DELETE http://localhost:8080/SlimStarter/public/admin/user/1

I can delete the user with id 3. Obviously, in a production environment, it wouldn't take very long for someone to start screwing the data up by making malicious POST / PUT / DELETE requests to the API.

ikhsan017 commented 10 years ago

Hi Luke,

You can use route middleware to filter the endpoint from unauthorized access. You can also use https://github.com/thephpleague/oauth2-server as OAuth2 authentication to protect your API endpoint.
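
The route-middleware approach suggested in the reply above, sketched as an added example that is not part of the original thread or of SlimStarter's code. It assumes the Slim 2.x API, a hypothetical `ADMIN_API_TOKEN` environment variable holding the expected secret, and a bearer-token header as a stand-in for whatever authentication the application really uses.

```php
<?php
// Added example: hypothetical bootstrap file, not SlimStarter's own code.
require 'vendor/autoload.php';

$app = new \Slim\Slim();

// Route middleware: runs before the route handler; halt() ends the request.
$requireApiToken = function () use ($app) {
    // Assumption: the expected token is provisioned through the environment.
    $expected = getenv('ADMIN_API_TOKEN');
    $header   = (string) $app->request->headers->get('Authorization');

    // Fail closed: a missing configured token, a missing or malformed
    // "Bearer <token>" header, or a mismatch all end in 401.
    if ($expected === false || $expected === ''
        || !preg_match('/^Bearer\s+(\S+)$/', $header, $m)
        || !hash_equals($expected, $m[1])) {   // constant-time compare, PHP >= 5.6
        $app->response->headers->set('WWW-Authenticate', 'Bearer');
        $app->halt(401, 'Unauthorized');
    }
};

// Attach the middleware to the whole /admin group so that every route
// registered under it, including DELETE, is covered by default.
$app->group('/admin', $requireApiToken, function () use ($app) {
    $app->delete('/user/:id', function ($id) use ($app) {
        // Placeholder for the real delete logic.
        $app->response->setStatus(204);
    });
});

$app->run();
```

With this in place, the unauthenticated `curl -X DELETE` request from the question receives a 401 response and the route handler never runs.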