Reputation: 2668
How to prevent 3rd part services from using my API?
I have developed a front-end interface using Aja(AngularJS) and HTML5. Right now, I send an HTTP get request to my backend server which returns some data based on the GET parameters.
Since the URL is exposed in the Javascript file, I believe anyone could just use the URL to create there own API to fetch the data. How can I prevent such things ?
One way I could think of is that now instead of directly sending the request to the backend server, an application server could be used (hosting the HTML as well). The Ajax request would then be sent to this server (PHP script ?) which would in turn forward the request to the backend server and return the result to the UI. To prevent 3rd party services, I can disable cross origin requests on my application server.
Is this the correct way to solve my problem or are there better ways to do this? I am concerned that this would unnecessarily create another hop (internal though) for requests.
Note: The backend is running Apache Tomcat
Upvotes: 1
Views: 885
Answers (1)
Reputation: 109
In APIs that are not open to the world the user has to authenticate first in order to use it, see for example https://stripe.com/docs/api#authentication or http://dev.maxmind.com/geoip/geoip2/web-services/ -> Authorization
Upvotes: 0
Related Questions
- Protect a public API
- Best practice for securing rest api for third party service access
- How to protect API?
- Protect API from being shared
- How to deny third-party access to a server side API
- How can I protect my API and know what is calling it?
- Server API defensive design?
- How can I prevent others from accessing my webservices?
- How would I protect a private API
- How can I create and use a web service in public but still restrict its use to only my app?