React interacts with Rails on a per-user authentication basis with tokens. All the functionality like login and register comes through the API (the endpoints of which are public but not documented). It's not a publicly-documented API, so all the requests should be coming from the React server only.
I’m not very well versed in security so I’d like the most common threats covered.
Is the best protection here the API gateway? Any tips on how to get things like DDoS and particularly login attempt protection here? Would the API gateway interfere with the current system/React’s ability to query the API?