How do I hide a REST API Url from the end user?

Question

Is it possible to hide my REST URL that I using via AJAX to populate page data? I don\'t want others taking and consuming from my REST API, but need to use it to display content

Answer 1

Yes, maybe a different interpretation of hiding the api but indeed hiding it from direct access nevertheless. I assume that's the point of hiding it anyway.

You can do it through your web server. I'm using Nginx. I have an if statement that checks the $http_referer. If there isn't one, or if it's not being made by my application/frontend page (meaning someone is trying to hit the api directly), it'll return a 403 forbidden page.

If your application doesn't send out emails to your users don't worry about the following: I added a block to allow access to my static images as the only exception, as my application sends out emails with images and I don't want them to break.

That's it. Problem solved. No one has access to my api except my frontend page/application.

So yes, the api is hidden from the user as in they can try to hit it if they want to but they won't be able to get in.