Can you give me a resource on how to protect my backend server?
I mean it really depends on what you mean by this. Starting from basic things like verification of content type, handling authorisation and authentication roles correctly, utilising encryption for sensitive data (like passwords if you're handling authorisation manually), implementing rate-limiting.
And ending with setting up a reverse proxy with the right config and utilising TLS/SSL.
From what I can recommend - github.com/shieldfy/API-Security-Checklist
Nice small checklist of most things that you would want to cover.