Restrict access to public-facing API from a specific client app

Time:10-31

I realized today that some users were calling the endpoints of my application through a script. Ideally, I would want to prevent them from doing that, but there doesn't seem to be any absolute way of doing it.

To give you more context, my app is built with React and communicates with the backend through a REST API. To authenticate, users need to send their email and password to get a token that gets stored in a cookie.

Have any of you ever had the need to do so? Am I thinking too far? What solutions can be used?

I did a bit of research to see if other people were facing the same problem and I found little content. The answers given to similar questions made it clear that it's not possible, but I would like to get other people's experience around the question, and see what they did to make it harder to call a public API from outside the client app.

CodePudding user response:

You can use an API gateway, for example Kong: https://github.com/Kong/kong

Or handle API endpoints with CORS: Enabling CORS for a REST API resource

CodePudding user response:

You cannot do much if it is a public API. You can add an operation call limit per minute, captchas and such things. If you don't want it to be public, then the consumers need to send a secret with each request, which must be done from the server side; otherwise the users will see it in their browser.
