One things missing.... can't you apply middleware at the register level? ... eg... lock down all of `/api/v1/users` and not `/api/v1/projects`... something like: fastify.register(projectRoutes, { prefix: '/api/v1/users', prehandler: auth }); ???
Yeah. This approach is helpful for server-server communication but not safe for client-server. The example here was more to show a naive approach while dealing with headers.
Yes. Absolutely. So this isn't a full security solution. I talk about others in followup videos but as part of a security solution or even as a first step, the xapikey approach is a possible element.
Clear, concise, and really good explanation. Nice video!
clear explanation! please, keep making content
This was exactly what I needed, thank you! Well done video.
Love it! ❤Thanks... New subscriber ❣️
awesome... this is exactly what I needed to find today. Thank you very much!
Maybe also try to create a typescript example of your api? Since that makes a lot of sense I think. Creating at least some kind of type safety .. or?
keep it up, good content!
Thanks for the encouragement :)
Awesome💯
Thanks 🔥
One things missing.... can't you apply middleware at the register level? ... eg... lock down all of `/api/v1/users` and not `/api/v1/projects`... something like:
fastify.register(projectRoutes, { prefix: '/api/v1/users', prehandler: auth }); ???
If you pass it in header , it will be visible in the browser and anyone can pick that secure key right?
Yeah. This approach is helpful for server-server communication but not safe for client-server. The example here was more to show a naive approach while dealing with headers.
@@doingandlearning Could you please share for webapplication as well
@@vijaysinhparmar I'm creating a JWT vid which would be a better approach there :)
thats pretty gud
Thanks for the comment :)
but isnt the x-api-key exposed to client side
i mean anyone can see it
Yes. Absolutely. So this isn't a full security solution. I talk about others in followup videos but as part of a security solution or even as a first step, the xapikey approach is a possible element.
Why no new videos ?