I am working on a web application where I need to pull data from a third party vendor. There are REST APIs written for this which will pull data from the third party.
My Question is: How can i secure these calls? I mean if anyone can get the endpoint then he/she will get the data, I want to prevent this.
one answer could be using authentication and authorization, here I will first send the user credentials and upon successful validation, a token will be returned and this token will be passed in every subsequent request in header.
I have a question in this: IF i have to pass the token in every request in header then i can also pass credentials with every request. Then what is the need for authentication, I can easily pass credentials in header with every request and authenticate.
ALSO, If someone can answer what are the other available options for securing such API calls
Thanks
What I have tried:
IF i have to pass the token in every request in header then i can also pass credentials with every request. Then what is the need for authentication, I can easily pass credentials in header with every request and authenticate.