# Foreword

This is probably the first Open Source (MIT) book on Headless Application Security. Everyone is invited to contribute! Single Page Applications, JAM Stack, Headless - the features these architectures provide all sound too good. We've been told that apps can now be developed at two different speeds - so we can experiment with new, shiny frontend features. The applications are faster than ever and even include some native-like features - so-called Progressive Web Apps 😃

With all the buzz-words and feature/benefit-oriented discussion, at some point we thought: there is too little discussion about the best practices, especially regarding security. The frontend applications are very often developed by frontend teams that didn't have to worry so much about security before. With this paradigm shift, more and more business logic - especially integrations with third-party systems - is taking place in the frontend.

The times when you needed to worry about SQL Injection are probably gone. Now you query some API from Amazon, Azure, Firebase, Elastic or MongoDB. No problem. However, there is a whole new set of issues and vulnerabilities we need to be aware of, including API authorization, session handling, exposing sensitive information, SSR caching and so on.

This e-book is all about that: showing the best practices for securing your API-first/Headless applications. It was started by the Vue Storefront Community, and we hope it will be continued by the contributors. We'd like to gather the best practices from many different Open Source projects in one single place, with actionable examples of DOs and DON'Ts. Everyone is invited to contribute!

Piotr Karwatka, Co-founder of Vue Storefront

# Partners

Divante is a global eCommerce solutions, experimentation, and thought leader. Our team of 250+ experts empowers eCommerce for both the B2B and B2C segments, working with companies like Bosch, SAP, Marc O'Polo and Tally Weijl. We create rapid, high-functioning MVPs and integrate technologies that will be the trends of tomorrow.

At Divante, we trust in cooperation and actively contribute to the open-source community, as well as creating our own products like Vue Storefront and Open Loyalty. This book is Open Source.

Divante in numbers:

  • 10+ years on the market
  • 100+ clients globally
  • 220+ team members
  • 300+ projects delivered
  • See our key projects: Open Source projects, Divante Innovation Lab