Manage API usage permissions

Hello!

I need to secure the PUT and POST routes of my API so that they can be used only by my code, and not by someone who knows the route and uses the token saved on my front end. How can I do that?

Let me explain: I have a PUT and a POST route for my Clients collection, and I want these two routes to be usable only by my code, not by anyone who has found the routes and uses the token saved on my front end to authenticate their requests.

  1. Create a custom role (for example an Admin role).
  2. Allow the role from step 1 to access your routes.
  3. Add your user to the role from step 1.
  4. Create a custom policy that will check if that’s you (you decide what exactly to check and how).

Also, take a look at an example of isAdmin policy:
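As an added example (not code from the thread or from any project), here is what the policy in step 4 can look like: it assumes a Koa-style `ctx`, as such policies receive, in which the authentication layer has already validated the bearer token and stored its user in `ctx.state.user`; the role names and the `blocked` flag are assumptions.

```javascript
// Added example: a server-side policy guarding the write routes of a
// "Clients" collection. Assumes a Koa-style ctx whose ctx.state.user was set
// by the auth middleware that validated the token. Role names are assumptions.
const WRITE_METHODS = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);
const WRITE_ROLES = new Set(['admin']);

// Decide only on what the server knows about the token's user. Whoever copies
// the token from the front end gets exactly that user's rights and nothing
// more, so the restriction has to live here, not in keeping the route secret.
function canWrite(ctx) {
  const user = ctx.state?.user;
  if (!user) return false;                         // no or invalid token
  if (user.blocked) return false;                  // account disabled server-side
  if (!WRITE_METHODS.has(ctx.method)) return true; // reads are not this policy's job
  const role = user.role?.type ?? user.role?.name;
  return typeof role === 'string' && WRITE_ROLES.has(role.toLowerCase());
}

// The policy itself: 401 when there is no user, 403 when the user lacks the role.
async function adminWritePolicy(ctx, next) {
  if (canWrite(ctx)) return next();
  ctx.status = ctx.state?.user ? 403 : 401;
  ctx.body = { error: 'Not allowed to modify Clients' };
}

// Constructed sample context so the block runs stand-alone.
function makeCtx(method, user) {
  return { method, state: { user }, status: 200, body: null };
}

async function demo() {
  const cases = {
    anonymousPost: makeCtx('POST', null),
    authenticatedPut: makeCtx('PUT', { id: 7, role: { type: 'authenticated' } }),
    adminPut: makeCtx('PUT', { id: 1, role: { type: 'admin' } }),
    adminGet: makeCtx('GET', { id: 1, role: { type: 'admin' } }),
    blockedAdminPost: makeCtx('POST', { id: 2, blocked: true, role: { type: 'admin' } }),
  };
  const results = {};
  for (const [name, ctx] of Object.entries(cases)) {
    let reachedHandler = false;
    await adminWritePolicy(ctx, async () => { reachedHandler = true; });
    results[name] = { reachedHandler, status: ctx.status };
  }
  return results;
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

The policy is applied to the PUT and POST routes only; the GET case shows it passing reads through unchanged so ordinary route permissions still govern them.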

Hello!

Thank you. I think that this solution can work.
You know, to solve my problem I did this:

  1. I created the role “admin”.
  2. I changed my API’s authorization.
  3. And I moved my axios requests to my back end, authenticating with the token.

What do you think is the best solution?