Hacker News
by codegeek 1668 days ago
Any public-facing URL should have https (SSL certificate installed) and any http request should always redirect to https. There is such a thing called "SSL Termination" where you may have a public-facing load balancer/proxy which works on https but terminates SSL, which means that any upstream backend servers under that load balancer are http only (but are not publicly available).

Whether you have api.coolstore.com or not, that is more of a design decision. It is a common practice to set up the website and API separately, where the API is hosted on a subdomain. So you could do coolstore.com and api.coolstore.com but install https on both and set up an http->https redirect on both.
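
The redirect and SSL termination described in the comment above interact: a backend behind the terminating proxy only ever sees http, so it has to learn the client's scheme from the proxy. The sketch below is an added example, not part of the original comment; the proxy address, the `ForceHttps` and `simulate` names, and the assumption that the proxy overwrites `X-Forwarded-Proto` are all illustrative.

```python
from urllib.parse import quote

# Constructed values: the load balancer's private address and the site's hosts.
TRUSTED_PROXIES = {"10.0.0.5"}
ALLOWED_HOSTS = {"coolstore.com", "api.coolstore.com"}


def effective_scheme(environ):
    """Scheme the client used, as far as a backend behind the proxy can tell."""
    # After SSL termination the backend's own socket is always plain http, so
    # wsgi.url_scheme alone would redirect every request forever.
    if environ.get("REMOTE_ADDR") in TRUSTED_PROXIES:
        # Assumption: the proxy overwrites this header with a single value.
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        return "https" if proto == "https" else "http"
    # Untrusted peer: ignore any forwarded header it sent.
    return environ.get("wsgi.url_scheme", "http")


class ForceHttps:
    def __init__(self, app, allowed_hosts=ALLOWED_HOSTS):
        self.app = app
        self.allowed_hosts = set(allowed_hosts)

    def __call__(self, environ, start_response):
        if effective_scheme(environ) == "https":
            return self.app(environ, start_response)
        host = environ.get("HTTP_HOST", "").split(":")[0].lower()
        if host not in self.allowed_hosts:
            # Never build a redirect target from an unrecognised Host header.
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"unknown host\n"]
        path = quote(environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "")) or "/"
        query = environ.get("QUERY_STRING", "")
        location = "https://" + host + path + ("?" + query if query else "")
        # 308 preserves method and body, which API clients depend on.
        start_response("308 Permanent Redirect", [("Location", location)])
        return [b""]


def simulate(environ):
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    def app(env, sr):
        sr("200 OK", [("Content-Type", "text/plain")])
        return [b"ok\n"]
    ForceHttps(app)(environ, start_response)
    return seen["status"], seen["headers"]
```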