Level 102
I assume you mean frontend using vue or similar? You could add a secret token to all requests.
1 like
Sep 12, 2022
3
Level 9
Detect API request source
Hello,
this might sound silly, but if I built an API and I opened it for public usage and I also consume it via my own app, how to tell wether this request is coming from outside client or from my app.
note: I am not using sanctum to authenticate requests.
Level 9
@Sinnbeck no consume it internally via AJAX requests from within the same app
Level 56
@uniqueginun use a session cookie? Just as sanctum does for local app?
HTTP cookies are set for the same domain, and you can tell axios, fetch or XMLHttpRequest to send them on every request.
Requests from your app will have the session cookie. Requests from 3rd-party won't.
This is exactly how sanctum works, but if you can't use it for any reason, you can at least use its code base to guide you on how to it.
1 like
Please or to participate in this conversation.