Hi, I am fairly new to AngularJS and other JS libraries.
I have written a SPA in HTML5 using AngularJS. This client app keeps calling my Server which is a .Net WebApi 2.0 to get some information and will change the content based on result. Everything works perfect. Now I am thinking of releasing this app to my Live servers. This app is using OAuth 2.0 to have a token to secure communication between my Client side SPA and my Server side WebAPI. But only a Token is not enough to satisfy our security team. My SPA needs to have a API Key to pass my API Gateway and needs to sign every request to pass another layer of security before hitting my WebAPI to get authenticated against its OAuth token. Here is my question: API Key and Signature key needs to be added to my HTTP Request header. Same as my token. How can I secure creation of API key and Signature in my client side AngularJS App? API key I guess I don't need to do much. It's a public key and same key will go to my HTTP Header every time so I dont bother about that too much. But in my JS functions of my AngularJS when I am going to call an API I like to use a very secure JS function that uses a private key internally and sign the request for me (sign as SHA key or Encrypted I don't mind). Whatever I do some smart guy can easily find what is going on in my JS functions loaded into browser and they can do the same thing to sign their own request to my API. How can I secure this? -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
