Ask HN: How do you protect your SaaS?
Those that have a multi tenanted product in the form of $client.$product.com, how do you protect your endpoints?
We are getting ready to publish and we have people suggesting we force the client to download openvpn and use the vpn we setup for them after sign up. That's because people are getting nervous about exposing our API to the world like this.
Those who do that, what sort of infrastructure/setup/products are you using?
VPN for accessing your endpoints can only end in pain for both your clients and your company. Are your endpoints not protected by oauth?
[dead]