Making REST calls only available to local applications?

Question

Suppose I have a url like:

which returns a JSON object of all users. But, I don't want anyone (or any bots) to be able to go to this url to fetch this information. I want it to only respond to calls from other local modules in the same website.

How would I go about implementing someting like this?

You are making HTTP requests between code modules that are on the same web site? Are they in the same process? Does HTTP not seem like overkill for this scenario? — Darrel Miller, May 21 '10 at 00:31

score 1 · Accepted Answer · answered May 20 '10 at 22:21

1

Compare the REMOTE_ADDR against a white list of approved IPs. If it's not in that list, simply return nothing, close the socket, or return an HTTP error.

answered May 20 '10 at 22:21

Will Hartung

115,893
19
128
203

score -1 · Answer 2 · answered May 20 '10 at 22:37

-1

Are you using Spring? Have considered adding a filter bean inside your context to only allow HTTP requests from your site?

answered May 20 '10 at 22:37

jdecuyper

3,934
9
39
51

hey! no, i'm actually doing this in django(python) and not in java. – colorfulgrayscale May 21 '10 at 02:31

Making REST calls only available to local applications?

2 Answers2