FI think this might help you
FAs soon as you successfully deployed ZITADEL as a proof of concept using one of our deployment guides,
FIn short, deploy zitadel behind a proxy/waf and only expose the HTTP API of zitadel to the proxy.
FTo further harden zitadel you can restrict access to its apis in the proxy layer and only keep the oidc, oauth, saml endpoints open with the login path
FI do not have a list at hand but here you can find the apis https://zitadel.com/docs/apis/introduction
Easiest would be IMO to just allow the /oauth, /oidc, /saml, /ui/login paths
That should work
Easiest would be IMO to just allow the /oauth, /oidc, /saml, /ui/login paths
That should work
ZITADEL exposes all features via different gRPC and REST APIs and provides SDKs for popular languages and frameworks.
FIt is worth noting that you should keep the Db under tight control since it stores the critical data 
We take a lot of precautions though for that
We take a lot of precautions though for that