DEV Community

Rumesh Madhusanka
Rumesh Madhusanka

Posted on

Where to use encryption 🤔

I am developing a nodejs rest API and a react frontend which uses the API. I hope to deploy them on azure. Do I need to enable encryption between the front end and the backend?

OR
Is it enough to enable encryption only on the front end?
(I do not plan to expose the API to third parties)

Discussion (2)

Collapse
pjeziorowski profile image
Patryk Jeziorowski • Edited

Frontend - Backend communication should be encrypted.

Example - you type your credit card details in the UI. Would you like it to be transferred over the internet to the backend in plain text? :)

Collapse
lucis profile image
Lucis

What do you understand about "encryption"?

If the API is served over HTTPS your traffic is already much safe. If not, check Let's Encrypt and do it right away. Your API also should have a auth protection if it handles sensitive data, like a JWT approach. Also, check HelmetJS for some security good practices.