Description
Currently, some of our API endpoints do not authenticate requests and could allow abuse. To prevent this and to protect our resources, we need to implement some sort of authentication. We could continue the JWT token rollout to include our APIs. Another option we could think about is filtering some of our endpoints based on origin address, for endpoints that do not expect devices from the public internet to connect.
Additionally, internal API routes should not be hit-able from external sources.
Completion Criteria