How to secure web services when authentication is done at client side (frontend)

by sachin27   Last Updated December 07, 2017 08:05 AM

I have a web application whose structure is as follows:

  • webapi : Django web services [NOT REST], no security implemented
  • frontend : Angular2, authentication implemented via SAML
  • Database : MongoDB

Can you please suggest the best way to secure the webapi, as currently anyone who has the server [api] URL can access the web services?

It will be a big help if you suggest the authentication and authorization flow, because I am totally stuck. Thanks in advance.
