I'm developing a Single Page Application (SPA) and a RESTful API to serve resources to it.
Since I'm going to develop mobile applications, and even open the service to third parties in the future I thought of placing the SPA in one server and the REST API in other. I think that way I should be able to scale the service easily.
Should I create the web app (SPA+Resource server) in one place, or separate server is the right way to go?
Should I use some token protocol to authenticate the SPA to the REST API to guarantee its authenticity?
I read about OAuth, but it is very complex, and I don't no if it makes sense to my case, since I'm developing both ends. But it does guarantee the authenticity of the app (my SPA) and the user. Maybe OAuth is the solution?
Thanks a lot for any help here!
Yes, I think that it seems to be a good idea to split the SPA and the RESTful service if you expect to have several consumers for it. The SPA will one. It will allow to prepare such structuring... I think that you should implement CORS in such use case. This following link could give some insights:
Regarding token-based authentication, I think that this link could show how to implement such approach: