Is it necessary to use CSRF and shield protection if we make REST API with JWT authentication?


#1

Is it necessary to use CSRF and shield protection if we make REST API with JWT authentication?
If it is, how do they help in the context of REST API?


#2

Hey @chabib ! :wave:

No, it’s not. Since each of your requests should be authenticated with a specific header and should be accessible from outside a web page, you shouldn’t use CSRF protection to protect your API.
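
The point made in the reply above, as an added example (not code from this thread or from the framework): a browser attaches cookies to a cross-site request on its own but never a Bearer `Authorization` header, so a forged form post fails against a header-only API and succeeds only if the API also accepts the JWT from a cookie. The secret, the cookie name `token`, the request objects and all function names are constructed for the demonstration.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed key, demo only

function hmac(data) {
  return crypto.createHmac('sha256', SECRET).update(data).digest();
}

function signJwt(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const signingInput = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${signingInput}.${hmac(signingInput).toString('base64url')}`;
}

// Returns the claims for a valid, unexpired HS256 token, otherwise null.
function verifyJwt(token) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const expected = hmac(`${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  return claims.exp > Date.now() / 1000 ? claims : null;
}

// Bearer-only API: identity comes solely from a header the client code must set.
function authBearerOnly(req) {
  const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
  return m ? verifyJwt(m[1]) : null;
}

// Variant that also reads the JWT from a cookie: the browser sends it on its own,
// so this variant needs CSRF protection again.
function authCookieOrBearer(req) {
  const m = /(?:^|;\s*)token=([^;]+)/.exec(req.headers.cookie || '');
  return m ? verifyJwt(m[1]) : authBearerOnly(req);
}

// Constructed requests. A cross-site form post carries the target origin's cookies
// (assuming SameSite does not block them) but no Bearer header.
const token = signJwt({ sub: 'user-1', exp: Math.floor(Date.now() / 1000) + 60 });
const apiClientRequest = { method: 'POST', headers: { authorization: `Bearer ${token}` } };
const forgedFormPost = { method: 'POST', headers: { cookie: `token=${token}` } };

console.log('bearer-only, API client :', authBearerOnly(apiClientRequest) !== null);
console.log('bearer-only, forged post:', authBearerOnly(forgedFormPost) !== null);
console.log('cookie JWT,  forged post:', authCookieOrBearer(forgedFormPost) !== null);
```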