I am developing my REST API in dart with shelf for my Flutter app. A little confusion of the relationship between REST and TLS/SSL. Do I need to implement TLS/SSL right way in my dart shelf code? or I just put a http server like NGINX etc. to middle of caller and my API, then apply TLS/SSL on the middle server? What the best product architecture of REST API and app? What kind of exactly role is API Gateway? Thanks a lot.
I had been googling a lot but can not put all pieces together.
2
Answers
You don’t have to implement anything in your code, in order to use SSL/TLS you just need to use HTTPS instead of HTTP protocol on your connection between client and server.
HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, and to digitally sign those requests and responses.
The answer to your question is yes You can use Nginx as a reverse-proxy on your server for example you might run your Api app on port 4040, you can set a reverse proxy that takes request over HTTPS and decrypt that request then forward it to port 4040 (Your api app)
What is reverse-proxy?
It is a good practice to use Nginx as your reverse proxy and it’s common, You just need to have a valid SSL certificate.
I suggest You to use Caddy, it is a powerful web server, easy to use and it also give You free SSL certificate and You can use it as your reverse-proxy.
For implementing a good REST api you can read here, regardless of what programming language, You can find the structure you are looking for.
Additionally if You already decided to choose Dart for implementing your api this guide will help you to writing more effective code in Dart.
This is a security decision, not a coding decision. If your security experts trust your local network, then don’t encrypt the local traffic, just the traffic between the clients and the nginx. If they don’t trust it, then encrypt the local traffic too. Nowadays it is common to do the latter. https://networkengineering.stackexchange.com/questions/67563/which-is-the-best-way-to-encrypt-all-the-ip-traffic-in-lan