
Securing API Key in Angular2


First, as @eesdil said, you must use HTTPS. In that case, all your calls are encrypted and safe.

In my example ( Angular 2, Express and JWT ), I used the crypto module with the pbkdf2 algorithm for hashing passwords.

This is the workflow:

  • /login/signup -> hash password and generate salt -> store it on server
  • /login -> validate password against stored one -> generate jwt -> save it in localStorage on client
  • /api -> send jwt in Auth header -> validate on server -> send response

A working example is here: https://github.com/vladotesanovic/angular2-express-starter


Your token hopefully travels with https. And when it does they cannot get it...

UPDATE

from wiki:

Because HTTPS piggybacks HTTP entirely on top of TLS, the entirety of the underlying HTTP protocol can be encrypted. This includes the request URL (which particular web page was requested), query parameters, headers,

https://en.wikipedia.org/wiki/HTTPS