[keycloak-user] Securing RESTful API Best Practices

Farzad Panahi farzad.panahi at gmail.com
Thu May 16 19:39:46 EDT 2019


Hi,

I am very new to Keycloak. I have a RESTful API implemented with json:api
<https://jsonapi.org/> spec which I want to secure using Keycloak.

I just want to ask the Keycloak community for best practices when it comes
to securing RESTful APIs.

My endpoints will be something like:
GET /api/books --> return all books the user has access to
GET /api/books/123 --> return the book with id = 123

My challenge now is to figure out how to define resources in Keycloak.
Should I add all my books as resources to Keycloak? And then define the
permission between each user and resource?

What would be the best practice to implement "GET /api/books" so that it returns
only the books the logged-in user has access to? Should I query the
Keycloak API from the backend to get all the resources the logged-in user has
access to?

Thanks

Farzad

