I have a JavaScript file that makes AJAX requests to my API, but I do not want anyone to find out the link to it. Is there any way to block access to this file?
If not, is there some way to allow access only from the site?
Whenever the AJAX request is performed, it will always be possible to trace it, because the request originates at the client. So what you can do is perform validation on the server.
Example:
Let's say you're making a request from the site: link
In the index.php file, you can have a PHP statement that checks whether the source of the request is www.testandoapi.com.
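<?php
// The Origin header is sent as scheme://host[:port], so compare only its host part.
// When the header is missing, parse_url('') yields null and the check fails.
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
if (parse_url($origin, PHP_URL_HOST) === 'www.testandoapi.com.br') {
    // your code here
}
?>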
This will cause only requests coming from the www.testandoapi.com.br domain to be executed.
Note: The above solution is not immune to failure; there are other aspects that should be taken into account.
Complementing the above solution, you can work with a Token as well.
But for this, it will be necessary to define some criteria:
Token, for all who access the site.
Token.
You can have other items to set; it is worth considering the context in which your API will be used.
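The Origin check and the Token idea from the answer above, combined in an added example that is not part of the original answer: the page issues a short-lived HMAC-signed token bound to the visitor's session, and the API verifies it before running. The secret, token lifetime, session IDs and all function names are assumptions made for illustration; the check limits who can use the API but does not hide the endpoint URL.

```php
<?php
// Added example (not the answer author's code). All names and values are hypothetical.
const ALLOWED_HOST = 'www.testandoapi.com.br'; // domain used in the answer above
const TOKEN_TTL = 300;                         // token lifetime in seconds (constructed)

// Called when the page is rendered: token = base64(session|expiry|HMAC).
function issue_token(string $secret, string $sessionId, int $now): string
{
    $payload = $sessionId . '|' . ($now + TOKEN_TTL);
    return base64_encode($payload . '|' . hash_hmac('sha256', $payload, $secret));
}

// Called by the API: reject malformed, forged, foreign-session or expired tokens.
function verify_token(string $secret, string $sessionId, string $token, int $now): bool
{
    $decoded = base64_decode($token, true);
    $parts = $decoded === false ? [] : explode('|', $decoded);
    if (count($parts) !== 3) {
        return false;
    }
    [$sid, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $sid . '|' . $expires, $secret);
    // hash_equals compares in constant time, so the MAC cannot be guessed byte by byte.
    return hash_equals($expected, $mac)
        && hash_equals($sessionId, $sid)
        && ctype_digit($expires)
        && (int) $expires >= $now;
}

// Origin is scheme://host[:port]; compare only the host, and fail when it is absent.
function origin_allowed(?string $origin): bool
{
    return $origin !== null && parse_url($origin, PHP_URL_HOST) === ALLOWED_HOST;
}

// Constructed demo values; in a real API the secret lives in server-side configuration.
$secret = 'constructed-demo-secret';
$token  = issue_token($secret, 'sess-123', 1700000000);

var_dump(verify_token($secret, 'sess-123', $token, 1700000100)); // within lifetime
var_dump(verify_token($secret, 'sess-123', $token, 1700000400)); // after expiry
var_dump(verify_token($secret, 'sess-999', $token, 1700000100)); // another session
var_dump(origin_allowed('https://www.testandoapi.com.br'));      // expected site
var_dump(origin_allowed('https://example.org'));                 // other origin
var_dump(origin_allowed(null));                                  // header missing
```

The Origin header is supplied by the client, so the token check is what actually gates the request; the Origin comparison only filters requests made by browsers from other sites.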
You must provide security on the server side, allowing only those who can access the address action. The "link" can be discovered in any way when the user's request is made, simply by monitoring the requests in the browser itself.