Limit API for use on specific websites

Asked Apr 23 '20 at 11:27

Active Apr 23 '20 at 11:27

Viewed 30 times

So we have an open API for ZIP codes and would like it so only specified websites can use it. Currently we are using CORS in combination with keys to stop unauthorized websites from using it but there are some cases where that won't do anything. Since the API is used with Javascript the key is right in the Javascript as well.

How would I make this secure? It seems that no matter how I do it, people will be able to use it from other websites.

asked Apr 23 '20 at 11:27

K1ll3rM

_no matter how I do it, people will be able to use it from other websites..._ Yes, they will. As long as they know your api key – B001ᛦ Apr 23 '20 at 11:29
So you're saying it's impossible to make this secure? @B001ᛦ – K1ll3rM Apr 23 '20 at 11:30
1

Create an AUTH Service using JWT and expiration. – Markus Zeller Apr 23 '20 at 11:35
@MarkusZeller Would that do anything in the end though? Users don't have to be authenticated on a site to use it so everyone would get the key anyways. – K1ll3rM Apr 23 '20 at 11:40
@K1ll3rM That's why I suggested using AUTH for API users. Then you can limit all you want. – Markus Zeller Apr 23 '20 at 11:42
@MarkusZeller Hmm alright, I'll read up on it. – K1ll3rM Apr 23 '20 at 11:42

Limit API for use on specific websites

0 Answers0