I am trying out seperated infrastructure for the first time. By seperated infrastructure, I mean I have 2 seperate apps:
Currently it's a very simple process (as I'm learning more about integrating 2 apps). I understand that the communication between to platforms should be secured with some sort of Token based auth etc. I had a look at devise_token_auth and ng-token-auth.
I am confused as I currently will not open up my API to any external parties. Thus the only system that I want to have the ability to consume my API, is my own (1 set of secret keys).
Am I right in saying that I will use devise_token_auth to generate my secret keys, and then add it to my environment variables on both the Server and Client sides? Since these values will currently be static (will not be user specific)
Definition of authentication is something like "confirming that a user is who he says he is". Since you won't have any users, auth is not applicable here.
One might argue that "user" in your case is the angular client and therefore, external users (other apps/scripts), not knowing the token, will be rejected. However, access token being public knowledge too, it does not add any protection against spam or whatever you were trying to achieve with this mechanism.
So, don't bother with it.