This post is a continuation of this one about setting up FOSRestBundle. The issue is that by default, the REST API that is created is accessible to anyone. For my angularjs app though, I only want the app to be able to access the API, no one else. Otherwise, external sites could hi-jack my API to get data from providers like Amazon. Since these usually have some kind of throttle on them, the API needs securing.