Ken Ken - 1 month ago 16
reST (reStructuredText) Question

Should I place SPA and RESTful API in different servers?

I'm developing a Single Page Application (SPA) and a RESTful API to serve resources to it.

Since I'm going to develop mobile applications, and even open the service to third parties in the future I thought of placing the SPA in one server and the REST API in other. I think that way I should be able to scale the service easily.

Should I create the web app (SPA+Resource server) in one place, or separate server is the right way to go?
Should I use some token protocol to authenticate the SPA to the REST API to guarantee its authenticity?

I read about OAuth, but it is very complex, and I don't no if it makes sense to my case, since I'm developing both ends. But it does guarantee the authenticity of the app (my SPA) and the user. Maybe OAuth is the solution?

Thanks a lot for any help here!

Answer

Yes, I think that it seems to be a good idea to split the SPA and the RESTful service if you expect to have several consumers for it. The SPA will one. It will allow to prepare such structuring... I think that you should implement CORS in such use case. This following link could give some insights:

Regarding token-based authentication, I think that this link could show how to implement such approach: