I am working on a project in AngularJS. We have developed an API (.NET MVC Web API with OAuth authentication) for any sort of data, business logic and server-side stuff. The Angular web app and mobile apps consume this API for their data needs. I want to know the best approach I should follow for API security.
1. AngularJS is a client-side framework, and keeping any secure data (credentials/encryption keys) to authenticate every API request from the client app/mobile app is not secure enough.
2. This API also has a few methods which I have to use without login (public), like:
A. Registering a user.
B. Creating a retail order and payment.
How can these methods be protected without any authentication?
3. How can I secure the information passed from the Angular app to the API, like credit card details? Is using HTTPS secure enough?
What we are currently doing:
I have reviewed many articles and found that OAuth 2.0 is best with JWT, which I am currently using too, but currently we issue a token only after the login page, so secure pages and API methods are going well and public methods are still public.