snickfire

Best practice for secure route access from external website

I’m creating a REST API with Laravel, and I’m using a third-party service that makes a postback to my website, giving me some important data. I want to create a /api/postback route and give access to this third-party website only. I know that the checkclient middleware is for any client. If some user creates a client, they will get access to this route. I want this route only for 1 client associated with this 3rd party website.

I believe I can create a Passport client, then generate a token with this client and use this token with the postback URL, then check if(user_id ==1) and give complete access. But I don’t know if this is good practice; maybe there are other ways to do this.

The documentation says that Client Credentials grant tokens work for machine-to-machine and for creating specific tasks for our websites, but it doesn’t explain how: https://laravel.com/docs/5.8/passport#client-credentials-grant-tokens

Maybe you can help me understand

Thanks in advance

0 likes
3 replies
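One way to pin the route to a single Passport client, shown as an added example that is not part of the original thread or of Laravel's own code. It assumes the Passport release that matches the linked 5.8 docs, that the third party can send the token as an `Authorization: Bearer` header, and uses a hypothetical class name (`OnlyPostbackClient`) and config key (`services.postback.client_id`):

```php
<?php
// app/Http/Middleware/OnlyPostbackClient.php (hypothetical name, added example)

namespace App\Http\Middleware;

use Closure;
use Illuminate\Auth\AuthenticationException;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\ResourceServer;
use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;

class OnlyPostbackClient
{
    private $server;

    // ResourceServer is bound in the container by Passport's service provider.
    public function __construct(ResourceServer $server)
    {
        $this->server = $server;
    }

    public function handle($request, Closure $next)
    {
        // Convert to PSR-7 so the OAuth2 resource server can read the bearer token.
        $psr = (new DiactorosFactory)->createRequest($request);

        try {
            // Checks signature, expiry and revocation, then adds oauth_* attributes.
            $psr = $this->server->validateAuthenticatedRequest($psr);
        } catch (OAuthServerException $e) {
            throw new AuthenticationException;
        }

        // Assumed config key: the ID of the one client created for the third party.
        $allowed = (string) config('services.postback.client_id');
        $actual  = (string) $psr->getAttribute('oauth_client_id');

        // Fail closed when the ID is not configured; reject every other valid client.
        if ($allowed === '' || $actual !== $allowed) {
            abort(403, 'Client not allowed on this route.');
        }

        return $next($request);
    }
}
```

Attach it to the route with `->middleware(\App\Http\Middleware\OnlyPostbackClient::class)`. A token issued to any other client still validates but is rejected with a 403, because the check is on the client ID inside the token rather than on a user ID.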
snickfire

@shez1983 hi, this 3rd party is an external website. It sends me a GET request with URL parameters to my website.

shez1983

I know what a 3rd party does.. it doesn't send you a GET request - YOU do a GET request.. I specifically asked for a name... so I could read docs! But without knowing what kind of security it has in place, I can't say anything.
