API Security: how to restrict access by domain?

栀梦 2021-01-06 08:33

I'm exposing a simple API and need to make sure only authorized users access it. I will be providing an API key to authenticate. However, I also want to associate the API k

3 answers
  • 2021-01-06 09:07

    HTTP+SSL is a complex protocol set that supports certificates for both the server and the client, and probably could be used in this case, but somehow I feel this would be overkill.

  • 2021-01-06 09:11

    You want the source IP address.

    REMOTE_ADDR -or- HTTP_X_FORWARDED_FOR

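An added example, not part of the answer above: binding each API key to permitted source networks using REMOTE_ADDR, and honouring X-Forwarded-For only when the connection comes from your own reverse proxy, since the header is otherwise client-supplied. `TRUSTED_PROXIES`, `KEY_ALLOWLIST`, the key names and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample configuration (assumptions, not from the original page).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]   # our own reverse proxies
KEY_ALLOWLIST = {                                        # API key -> permitted client networks
    "key-acme": [ipaddress.ip_network("203.0.113.0/24")],
    "key-globex": [ipaddress.ip_network("198.51.100.7/32")],
}

def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(remote_addr, x_forwarded_for=None):
    """Return the address to authorize against, or None if it cannot be determined."""
    try:
        peer = ipaddress.ip_address(remote_addr)
    except ValueError:
        return None
    # X-Forwarded-For is a request header: anyone connecting directly can set it.
    # Honour it only when the TCP peer is one of our own proxies.
    if not x_forwarded_for or not _is_trusted(peer):
        return peer
    # Walk right to left: the rightmost entries were appended by our proxies,
    # anything further left was supplied by the client and is unverified.
    for hop in reversed(x_forwarded_for.split(",")):
        try:
            ip = ipaddress.ip_address(hop.strip())
        except ValueError:
            return None          # malformed chain: fail closed
        if not _is_trusted(ip):
            return ip
    return peer                  # chain contained only our proxies

def is_allowed(api_key, remote_addr, x_forwarded_for=None):
    """True only if the key exists and the resolved client IP is in its allowlist."""
    networks = KEY_ALLOWLIST.get(api_key)
    ip = client_ip(remote_addr, x_forwarded_for)
    if networks is None or ip is None:
        return False
    return any(ip in net for net in networks)
```
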
  • 2021-01-06 09:16

    What kind of API are you exposing? There are many different kinds of APIs - I assume you do not expose your operating system's API...

    Assuming you want to expose some web application's API, you may take a look at OAuth, which is based on callback URLs - you can just block certain domains from being called through callback URL.

    Read more about OAuth.
