Is it safe to build a REST API to capture data into a database?


A user needs to send us data weekly or monthly and I need to capture that data into a database to present it on a website. However, I do not want the user to have direct access to the database.

So I was thinking of building a REST API and capturing the data that the user sends into a database (instead of responding back to the request).

I am new to this field and wondering if this is a safe practice? If there is a better way, please let me know. Thanks!


There are 3 best solutions below

0
On BEST ANSWER

Yes, and as blur0224 said, you should consider security for your REST API. I personally advise you to use token-based authentication (JWT, OAuth2, etc.), so the user has to be authenticated and authorized to access your database.

0
On

Yes, multi-tier architecture is always safer than direct database access.

Just remember to "sanitize" your inputs to the database. In the case of SQL, read about SQL injection. If you are going to be displaying some information to a webpage, read about cross site scripting (XSS).
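The points raised in the answers above (authenticate the sender, keep user input out of the SQL text, escape it when it is shown on the website) are put together in the following added example, which is not code from any of the posters. It assumes a hypothetical `reports` table and payload fields, and a static bearer token stands in for the JWT or OAuth2 scheme suggested above.

```python
import hashlib, hmac, html, re, sqlite3

# Constructed sample: the server stores only the SHA-256 of each client's token.
TOKEN_HASHES = {hashlib.sha256(b"demo-token-not-real").hexdigest(): "client-a"}

def authenticate(auth_header):
    """Return the client id for a valid 'Bearer <token>' header, else None."""
    scheme, _, token = (auth_header or "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    digest = hashlib.sha256(token.encode()).hexdigest()
    for known, client in TOKEN_HASHES.items():
        if hmac.compare_digest(digest, known):  # constant-time comparison
            return client
    return None

def open_db():
    """In-memory table standing in for the real database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reports (client TEXT, period TEXT, note TEXT, amount REAL)")
    return db

def ingest(db, auth_header, payload):
    """Write-only endpoint logic; returns an HTTP-style status code, never data."""
    client = authenticate(auth_header)
    if client is None:
        return 401
    try:
        period = str(payload["period"])
        note = str(payload["note"])
        amount = float(payload["amount"])
    except (KeyError, TypeError, ValueError):
        return 400
    if not re.fullmatch(r"\d{4}-(0[1-9]|1[0-2])", period) or len(note) > 500:
        return 400
    # Placeholders keep the values as data; the SQL text itself never changes.
    db.execute("INSERT INTO reports VALUES (?, ?, ?, ?)", (client, period, note, amount))
    db.commit()
    return 201

def render_rows(db):
    """Escape on output so stored text cannot become markup on the website."""
    rows = db.execute("SELECT period, note, amount FROM reports ORDER BY rowid")
    return ["<tr><td>%s</td><td>%s</td><td>%.2f</td></tr>"
            % (html.escape(p), html.escape(n), a) for p, n, a in rows]
```

The database account used by such an endpoint only needs INSERT on the one table, which keeps the sender without direct database access as the question asks.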

0
On

You should also consider security for your REST API, especially if it is publicly available over the Internet.

Best practices for securing a rest api web service