I am working on deploying an application that is split up into an Angular front-end hosted on Divshot and a Rails back-end API hosted on Digital Ocean.
I was wondering whether I need to set up SSL for both the front and back end since I imagine the communication between the user and the front end has to be encrypted and then the communication between the front end and the back end has to be encrypted as well. Is this correct?
If so, do I have to go with an official certificate signed by an authority for the backend<-->front-end communication since it is just a private API that only my front end consumes?
Thanks!
Divshot founder here. If you are making requests from a browser, even if it's to a "private" API, you'll need a valid certificate. This is what allows your browser to verify and trust that your back-end is who it says it is.