2

I am a newbie in the Angular world, but I am a seasoned backend programmer (Java and Golang). I have a few questions.

1.) Does an AngularJS app need to be served using Node.js on the server side?

2.) Is AngularJS only client-side code? If that is the case, can I serve it simply using Apache?

3.) If AngularJS is client-side code, does it not impose a security risk, because it calls APIs and all the API keys and secrets are embedded in the JavaScript?

Maybe I am missing something here.

Really appreciate some pointers. I tried to look around the web, couldn't find a satisfying answer.

Thanks, Brijesh

3 Answers

2

1.) Does an AngularJS app need to be served using Node.js on the server side?

No, Angular can be served with any web server.

2.) Is AngularJS only client-side code? If that is the case, can I serve it simply using Apache?

Yes, Angular is a front-end, or client-side, framework, and can be served with Apache.

3.) If AngularJS is client-side code, does it not impose a security risk, because it calls APIs and all the API keys and secrets are embedded in the JavaScript?

You probably shouldn't be calling APIs from the client side. Instead, the client should request from your server; your server will deal with the APIs and serve your client the information needed.


2 Comments

My understanding of a single-page application using AngularJS was that you don't need the backend server. There is a client-side SPA and you call different APIs to render the page.
@brijeshchavda you will always need a backend server, somewhere for people to request your application, even if it is one page. API is a broad term; the way you were using it, I was assuming a 3rd-party API. The first one that comes to mind is the Twitter API. Now you can request information from Twitter and they will give it to you. But they don't want you abusing their system, so they give you an API key. You need this key to request information. It is important you keep this hidden so your clients don't pretend to be you and get Twitter mad at you because you abused their API.
1

1.) Does an AngularJS app need to be served using Node.js on the server side?

No. I developed WordPress themes with Angular on the client side, which requests the WordPress API to display posts, pages, etc.

2.) Is AngularJS only client-side code? If that is the case, can I serve it simply using Apache?

Yes and yes.

3.) If AngularJS is client-side code, does it not impose a security risk, because it calls APIs and all the API keys and secrets are embedded in the JavaScript?

Setting the API keys on the client side is a security risk; that's why you shouldn't do it. So, how do you deal with an API from Angular or any client-side technology? You simply use something in the back end which will provide an interface between the client and the final API.

e.g.:

Angular request -> PHP script which will request the API -> API

and then

API response -> PHP script (containing the API credentials) getting back the response from the API -> Angular getting back the response from the PHP script.

NB: The use of PHP is just an example, you can do that with any server-side language you want.

1 Comment

No clue. I thought it answered the question well.
1

Angular is purely client-side code, like all js (well, "most", when you consider node.js on the server-side).

It doesn't impose any additional security concerns beyond what you already get from 1. using js and 2. using any js framework.

For APIs, you'll of course need to communicate with your own API for anything server-side. In general, it's best to proxy any communication with third-party APIs through endpoints on your server.

2 Comments

Thanks Brian. But even if I route all third-party API calls through my proxied server endpoints, it also imposes a security risk. That means I have to authenticate and authorize each API call coming to my server, right?
@brijeshchavda That's correct. Of course, if you're going to write a data-rich application, you can't escape the need to authenticate and authorize against a data source API somewhere. Beware of getting to the point where you say "The only secure way to do this is to distribute the app on CDs because there are hackers on the internet!" :p
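
The proxy flow from the second answer ("Angular request -> server-side script -> API") together with the per-call authentication raised in the last comments, as an added Go example that is not from any of the posts. The upstream URL, the `session` cookie, the bearer-token header and the names `NewProxy` and `validSession` are assumptions made for illustration.

```go
package main

import (
	"io"
	"log"
	"net/http"
	"net/url"
	"os"
	"time"
)

var client = &http.Client{Timeout: 10 * time.Second}

// NewProxy is the endpoint the browser app calls instead of the third-party API.
// The API key is read from the server environment in main and never reaches the browser.
func NewProxy(upstream, apiKey string, validSession func(string) bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Authenticate the caller against our own session store before spending the key.
		c, err := r.Cookie("session")
		if err != nil || !validSession(c.Value) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		// Fixed upstream URL and one allow-listed parameter: the client cannot steer the key elsewhere.
		req, err := http.NewRequestWithContext(r.Context(), http.MethodGet, upstream, nil)
		if err != nil {
			http.Error(w, "bad gateway", http.StatusBadGateway)
			return
		}
		req.URL.RawQuery = url.Values{"q": {r.URL.Query().Get("q")}}.Encode()
		req.Header.Set("Authorization", "Bearer "+apiKey) // assumed upstream auth scheme
		resp, err := client.Do(req)
		if err != nil {
			http.Error(w, "bad gateway", http.StatusBadGateway)
			return
		}
		defer resp.Body.Close()
		// Relay status, content type and body only; other upstream headers are not copied back.
		w.Header().Set("Content-Type", resp.Header.Get("Content-Type"))
		w.WriteHeader(resp.StatusCode)
		io.Copy(w, resp.Body)
	})
}

func main() {
	sessions := map[string]bool{"constructed-session-id": true} // constructed stand-in for a session store
	valid := func(id string) bool { return sessions[id] }
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", NewProxy("https://api.example.com/search", os.Getenv("API_KEY"), valid)))
}
```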
