SamiulHSohan

Reputation: 167

Securing API in jQuery

I have an app landing page. Visitors enter their phone number and I send a link to their phone.

I pass that number to my API with jQuery (Ajax). Now anyone can see that URL. So, anyone can grab that URL and send many requests. How can I protect it?

I have already implemented a CSRF token. Now I'm doing it with PHP, generating a token and storing it in the session.

But there is also a problem. If someone loads the landing page, they get that token and after that they can use that token to send requests. I have tested this with Postman.

I can clear that CSRF token after one request. But I don't want to do that, as they may need to send this link to other numbers.

Now what I want to do is make that URL private, or at least make it hard to find, and only requests made from my website should be accepted, not from other tools.

Please help!

Upvotes: 1

Views: 42

Answers (1)

Long M K Nguyễn

Reputation: 817

What you're trying to protect yourself from is a brute force attack. The most common and quick way to prevent this is using CAPTCHAs. You can use Google Recaptcha.

Besides, the app server should always validate request data, make sure you're using the POST method, and sanitize data to prevent SQL injection or other hack attempts.

Upvotes: 1
