I want to develop a web site with AngularJS. On the backend side I will use Codeigniter REST framework. I have some security issues and I don't want to start developing without fixing them on my mind.
I don't want to use something like api key because it will be reachable by the client and I think it will not secure my methods on api side. I'm thinking to use token based authentication but I don't know if it is suitable for my case. Do I need to verify the user for every request to server? Or is it enough to use just api key for backend side? And also I am planning to use this api with applications on the different platforms in the future.
I can't decide what to do. If anyone advice me something I will be very appreciate.