How to secure API request with Zenno?

[bambinou]

Hi all,

Has anyone pleayed with Zenno and POST request to an API endpoint?
What is the best way to protect my endpoint and only allow Zenno to post there?
I was thinking about a token exchange, but in this case, where do you save the Token in Zenno so it works on all the instances?

Thanks

 

[lokiys]

Not sure i understand right.

API endpoints are usually in website backend, thats where it is secured in some way.
That's not zenno task at all.

 

[bambinou]

Sorry for not explaining better.
Usually when you access an endpoint via a mobile phone, for example, a login, you exchange a token with the app(from the endpoint), so future endpoint access is authorised via the token.
With Zenno I would like to authorise an endpoint access but would neeed to exchange a token, then reuse this token in future requests.

How do you deal with POST and GET request, is there something like Axios that I am familiar with? And how would you save your token during the endpoint request?

Thanks

 

[lokiys]

It depends on app authorisation type.
Usually when you do a POST request to login endpoint with username and password parameters, you get a response.
That's where your token should be. Usually in the HEADER.
Then you have to scrape it out and use in your future requests.

 

[bambinou]

Thanks, I will have to check it out.