Should there be separate APIs for public and private endpoints? [closed]

If a website has a public-facing front that consumes an API, and there's also a backend for users with more powerful roles that also consumes an API, should both parts of the site use the same API or different APIs (e.g. /api/v1/resourceName vs /api/admin/resourceName)?

Nyxynyx asked Jul 27 '13 00:07


1 Answer

This really depends on your situation. If your private endpoints absolutely must remain private, then separate APIs are the only absolute solution. In general, that seems like overkill. For most situations, I would suggest maintaining a single API and designing your private endpoints with security in mind from the beginning.

Separate APIs

  • You have to maintain two code bases, or at least port parts of your private API to a public system.
  • You have to maintain two production API systems.
  • Better security: public clients will not be able to access private internal resources on your API, even if user keys / passwords / etc. are breached, or there is an error in the way your public-facing API handles security.

The Same API

  • One codebase and one server.
  • Security will be more important. You must make sure public clients can't access internal resources. Security breaches, or oversights in the security of your private endpoints, could cause serious problems.
T. Brian Jones answered Sep 19 '22 02:09
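One way to build the "single API, private endpoints designed with security in mind" option the answer above recommends, as an added example that is not the answer's own code: every route is registered with an explicit role policy, an admin route whose policy is wider than admin-only is rejected at registration time (the "oversight" case), and any unregistered route or insufficient role fails closed. The route table, the role names and the `/api/admin/` prefix are assumptions chosen to match the question's two URL shapes.

```python
"""Deny-by-default authorization for one API serving public and admin routes.

Added example, not code from the original answer. Assumed design: each route
is registered with the roles allowed to call it; an admin route that is not
admin-only is refused at registration; an unregistered route is never served.
"""
from dataclasses import dataclass, field

ADMIN_PREFIX = "/api/admin/"                      # assumed admin URL prefix
PUBLIC = frozenset({"anonymous", "user", "admin"})
ADMIN_ONLY = frozenset({"admin"})

@dataclass(frozen=True)
class Request:
    method: str
    path: str
    roles: frozenset = field(default_factory=lambda: frozenset({"anonymous"}))

ROUTES: dict[tuple[str, str], frozenset] = {}

def policy_allowed(path: str, allowed: frozenset) -> bool:
    """An admin path may only carry the admin-only policy; anything wider is a misconfiguration."""
    return not path.startswith(ADMIN_PREFIX) or allowed == ADMIN_ONLY

def register(method: str, path: str, allowed: frozenset) -> None:
    """Register a route, refusing admin routes with an over-broad policy up front."""
    if not policy_allowed(path, allowed):
        raise ValueError(f"{method} {path}: admin routes must be admin-only")
    ROUTES[(method, path)] = allowed

def authorize(req: Request) -> tuple[int, str]:
    """Return (HTTP status, reason). Anything not explicitly allowed fails closed."""
    allowed = ROUTES.get((req.method, req.path))
    if allowed is None:
        return 404, "unknown route"           # never serve an unregistered path
    if not (req.roles & allowed):
        return 403, "role not permitted"      # same service, stricter policy
    return 200, "ok"

# Constructed route table using the question's two URL shapes.
register("GET", "/api/v1/resourceName", PUBLIC)
register("GET", "/api/admin/resourceName", ADMIN_ONLY)
register("DELETE", "/api/admin/resourceName", ADMIN_ONLY)

if __name__ == "__main__":
    anon = Request("GET", "/api/admin/resourceName")
    admin = Request("GET", "/api/admin/resourceName", frozenset({"admin"}))
    print(authorize(anon), authorize(admin))  # (403, 'role not permitted') (200, 'ok')
```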