Hiya everyone! After codegarden I got inspired to ...
# package-development
Hiya everyone! After Codegarden I got inspired to add a CRUD API to my package. So that it could be used on the front-end. But I just got a bit concerned about security. I don't know if I should be concerned about it. Or what I could do to just add a bit of security. I just need to be nudged in the right direction. 🙏
Membership auth? Time based signed "tokens"?
So sorry for the late reply! (Swedish holiday got in the way) And thank you for your suggestions! Could you elaborate on how the time-based signed token solution would work? Would I have a token saved in the Backoffice which I would update on a regular basis and then sync that key?
No worries. 🙂 That's what threads are for. Say for instance a user posts their e-mail using a form. You could give back a JSON Web Token that's valid for n time. No passwords or auth required. The JWT has a signature that guarantees it comes from a trusted source. (You'd have to validate it on each request) Make sense?
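The time-limited signed token described in the last reply, as an added example that is not part of the original thread or of any package's code. It assumes an HS256 JWT signed with a server-side secret; `SECRET`, `issue_token` and `verify_token` are hypothetical names, and a maintained JWT library would normally replace the hand-rolled encoding.

```python
import base64, hashlib, hmac, json, time

# Assumption: constructed demo key. The real key stays on the server only.
SECRET = b"constructed-demo-key-change-me"

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(email, ttl_seconds, now=None):
    """Issue a JWT for the submitted e-mail, valid for ttl_seconds."""
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": email, "iat": now, "exp": now + ttl_seconds}
    signing_input = ".".join(
        b64e(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    return signing_input + "." + b64e(sign(signing_input))

def verify_token(token, now=None):
    """Run on every API request. Returns the claims, or None if rejected."""
    now = int(time.time() if now is None else now)
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        # Pin the algorithm: never let the token choose how it is verified.
        if json.loads(b64d(head_b64)).get("alg") != "HS256":
            return None
        # Check the signature before trusting anything in the payload.
        expected = sign(head_b64 + "." + body_b64)
        if not hmac.compare_digest(expected, b64d(sig_b64)):
            return None
        claims = json.loads(b64d(body_b64))
        exp = claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong shape, bad base64 or bad JSON
    if not isinstance(exp, int) or now >= exp:
        return None  # expired, or no usable expiry claim
    return claims
```

The payload is only base64-encoded, not encrypted, so it should carry nothing the user is not allowed to read.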