How do I hide a REST API Url from the end user?

庸人自扰 2021-02-07 15:13

Is it possible to hide my REST URL that I am using via AJAX to populate page data? I don't want others taking and consuming from my REST API, but need to use it to display content.

7 answers
  •  情话喂你
    2021-02-07 16:13

    Yes, maybe a different interpretation of hiding the api but indeed hiding it from direct access nevertheless. I assume that's the point of hiding it anyway.

    You can do it through your web server. I'm using Nginx. I have an if statement that checks the $http_referer. If there isn't one, or if it's not being made by my application/frontend page (meaning someone is trying to hit the api directly), it'll return a 403 forbidden page.

    If your application doesn't send out emails to your users, don't worry about the following: I added a block to allow access to my static images as the only exception, as my application sends out emails with images and I don't want them to break.

    That's it. Problem solved. No one has access to my api except my frontend page/application.

    So yes, the api is hidden from the user as in they can try to hit it if they want to but they won't be able to get in.
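
An Nginx configuration along the lines the answer above describes, added here as an example and not the answerer's own config. The host name `app.example.com`, the `/api/` and `/static/images/` paths, the document root and the upstream address are all assumptions.

```nginx
server {
    listen 80;
    server_name app.example.com;          # assumed front-end host

    # Exception described in the answer: static images stay reachable
    # without a Referer so images embedded in outgoing emails still load.
    location /static/images/ {
        root /var/www/app;                # assumed document root
    }

    # Everything under the API prefix must arrive with a Referer that
    # points at the front-end page.
    location /api/ {
        # An empty $http_referer does not match the pattern either,
        # so requests with no Referer at all also get the 403.
        if ($http_referer !~* "^https?://app\.example\.com/") {
            return 403;
        }

        proxy_pass http://127.0.0.1:8000; # assumed API backend
    }
}
```

Because `Referer` is a header supplied by the client, this check works as a filter on direct requests; access control on the API itself still belongs to server-side authentication.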
