I am developing a nodejs rest API and a react frontend which uses the API. I hope to deploy them on azure. Do I need to enable encryption between the front end and the backend?
OR
Is it enough to enable encryption only on the front end?
(I do not plan to expose the API to third parties)
Oldest comments (2)
Frontend - Backend communication should be encrypted.
Example - you type your credit card details in the UI. Would you like it to be transferred over the internet to the backend in plain text? :)
What do you understand about "encryption"?
If the API is served over HTTPS your traffic is already much safe. If not, check Let's Encrypt and do it right away. Your API also should have a auth protection if it handles sensitive data, like a JWT approach. Also, check HelmetJS for some security good practices.