Could you pls answer the following two questions:
- In general, is that possible to restrict a SPA angular client application(internet facing) to access backend API(internal) by whitelisting its host SPA application IP at the firewall? This means, my backend API is allowed at the firewall to this SPA angular application clients only not to any other sites. I don’t want to block the user IP, since there are tons of users to this site.
- My angular app2 spa application is redirected to okta for login.At okta network layer is that possible to allow only this SPA application to access Okta hosted login by whitelisting app2(SPA) ip?