LeoHenrique

Reputation: 229

What do I have to do to block requests that come from outside of my web application?

I don't know if I'm saying this clearly, but I'll try...

I need my API to block requests from anyone outside of my web app. I'm working with JWT authentication to do login.

I have no idea how to start doing this, and I don't know what I have to search for or study, so I'm here to get help with topics that I can search.

Upvotes: 1

Views: 2064

Answers (1)

identigral

Reputation: 3949

In very broad terms, you want to implement an authorization scheme for your APIs. Doing so will let you control access based upon the entity (person or machine or another service/app) and other factors when someone calls your API. If you use JWT tokens as a means of conveying an authorization grant, have your API check that 1) the token is present on the request, 2) it's valid, and 3) it has all the right claims. If 1-3 are true, then authorize access and continue to the execution of your API's core logic.

Most likely your technology/solution stack already has a capability to do some or all of the above. Best place to start is to read more on how your stack handles these types of problems and go from there.

Upvotes: 1
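The three checks listed in the answer above, written out as an added example that is not part of the original answer or of any particular framework. It uses only the Python standard library and assumes HS256 tokens signed with a shared secret; the secret, the issuer, audience and scope values, and the names `mint` and `authorize` are all hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # assumption: HS256 key shared with the login service
ISSUER, AUDIENCE = "https://auth.example.test", "my-api"   # assumed expected claims

def _dec(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def mint(claims, key=SECRET, alg="HS256"):
    """Build a constructed token; stands in for the login endpoint."""
    signing_input = _enc(json.dumps({"alg": alg, "typ": "JWT"}).encode()) + "." + _enc(json.dumps(claims).encode())
    return signing_input + "." + _enc(_sign(signing_input, key))

def authorize(headers, required_scope, now=None):
    """Return (True, claims) or (False, reason) for one request."""
    now = time.time() if now is None else now
    # 1) The token is present on the request.
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return False, "missing token"
    parts = auth[len("Bearer "):].split(".")
    if len(parts) != 3:
        return False, "malformed token"
    # 2) It is valid: algorithm pinned by the server, signature checked
    #    in constant time before the payload is trusted, not expired.
    try:
        header = json.loads(_dec(parts[0]))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return False, "unexpected algorithm"
        if not hmac.compare_digest(_dec(parts[2]), _sign(parts[0] + "." + parts[1], SECRET)):
            return False, "bad signature"
        claims = json.loads(_dec(parts[1]))
    except ValueError:
        return False, "malformed token"
    if not isinstance(claims, dict):
        return False, "malformed token"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    # 3) It has the right claims for this API and this operation.
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong issuer or audience"
    if required_scope not in str(claims.get("scope", "")).split():
        return False, "insufficient scope"
    return True, claims
```

In a real service the same three checks normally come from the JWT middleware of the stack in use, as the answer suggests; the point here is the order of the checks and that the accepted algorithm is fixed by the server, not read from the token.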
