0

I am using NodeJS v4.2.6 application with ExpressJS to handle Rest API calls. I am using Java, Python and DOT Net programming interface to make an API call.

Is there any possibility to identify that the request was made through CURL command or some other way and how to restrict those request.

Soorya Prakash
  • 921
  • 3
  • 9
  • 29
  • You'd probably be able to identify what the client **claims** it is by inspecting the "user agent" in the headers (if it is sent) - but this is easily manipulated by the client and shouldn't really be "trusted". – Lix Jan 11 '18 at 11:00
  • If you want to restrict "automated" requests, you may want to consider implementing one of the Captcha solutions such as Google's reCaptcha. Take a look at https://stackoverflow.com/questions/29562710/client-server-rest-api-captcha-implementation – gokcand Jan 11 '18 at 11:37

1 Answers1

0

No. An HTTP request is an HTTP request. There is nothing you can use to reliably identify the tool that was used to create it.

Access is typically restricted via the use of secrets (e.g. usernames + passwords).

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335