Angular 5: Is there a way to hide an API call? Or make it private?

广开言路 2020-12-11 12:35

I started learning Angular and I noticed that every call I make to the backend can be seen from the developer tools. So when I have a method/function like this:

getUser         


        
3 answers
  •  醉酒成梦
    2020-12-11 13:15

    > Is there way hide API call? or make it private?

    No. The browser belongs to the user. What it does is under their control, not yours.

    > What basically returns user information (name, address etc), based on what user id gets posted. If one wanted to get random user information, couldn't they just make API call to this endpoint, with random number in request payload and just get that user information?

    If you are running an unauthenticated API. Yes.

    It sounds like you desire security through obscurity which is highly unreliable.

    > I read something that one way to fix this is to use JWT, what basically encrypts the payloads

    Not really.

    You need authentication / authorisation.

    You need to identify the user (this could be through a username and password, OAuth with a provider like Facebook or Twitter, etc).

    Then you need to make sure that user is allowed to read the data they are requesting. e.g. A user record can only be accessed by the user who owns the record or a user with the admin role.

    > isn't there option to like turn this api call usable only in my app?

    No

    > or make it at least hidden from developers tools?

    No
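
The owner-or-admin rule from the answer above, sketched as server-side code. This is an added example, not part of the original answer; it assumes a Node.js backend, and the names `issueToken`, `verifyToken`, `USERS` and the token format (a simplified HMAC-signed stand-in for a JWT, with no header or expiry) are hypothetical.

```javascript
const crypto = require('crypto');

// Constructed demo data; a real service would use a database and a managed key.
const SECRET = 'constructed-demo-secret'; // stays on the server, never shipped to the browser
const USERS = new Map([
  [1, { id: 1, name: 'Alice', address: '1 Example St' }],
  [2, { id: 2, name: 'Bob', address: '2 Example St' }],
]);

const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Issued after login. The payload is only encoded and signed, not encrypted:
// the user can read it in dev tools, but cannot alter it without the key.
function issueToken(claims) {
  const body = encode(claims);
  return `${body}.${mac(body)}`;
}

// Authentication: returns the claims if the signature is valid, otherwise null.
function verifyToken(token) {
  const [body, sig] = String(token).split('.');
  if (!body || !sig) return null;
  const expected = Buffer.from(mac(body));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(body, 'base64url').toString());
}

// Hypothetical handler behind the getUser call: identity comes from the
// verified token, never from the id the client posts.
function getUser(token, requestedId) {
  const claims = verifyToken(token);
  if (!claims) return { status: 401 };
  // Authorization: only the record's owner or an admin may read it.
  const allowed = claims.role === 'admin' || claims.sub === Number(requestedId);
  if (!allowed) return { status: 403 }; // checked before lookup, so ids cannot be probed
  const record = USERS.get(Number(requestedId));
  return record ? { status: 200, body: record } : { status: 404 };
}
```

The request stays fully visible in the developer tools; what stops a caller from reading other users' records is the 401/403 decision made on the server.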
