Level 80
@brahimbjz Look into CORS. You can restrict what hosts can access your API that way.
May 28, 2020
3
Level 1
Restrict the use of an API in Laravel to a single application
I have an API in Laravel that only consume in my frontend. The problem that arises for me is how to authorize the use of the API to a single application without revealing information that other applications may apply to make use of it (an example of this would be sending a header, which can be obtained and replicated).
I understand that with Passport I can get it but it seems to me to be a very sophisticated solution for a case where I will only need an authorization and I would just like to know where to look since I can't find anything. Sorry for my bad English.
Level 1
@martinbean But I understand that CORS protect the user of a website from other websites not making AJAX requests to it without their knowledge, but this does not apply to me, where exactly what I am looking for is that only my web application can send requests to the registration API (the other routes would be protected with the user token and there, yes, also with the CORS). Sorry form my bad English.
Level 80
But I understand that CORS protect the user of a website from other websites not making AJAX requests to it without their knowledge, but this does not apply to me
@brahimbjz Wrong. CORS would be suitable. From https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#What_requests_use_CORS:
The Cross-Origin Resource Sharing standard works by adding new HTTP headers that let servers describe which origins are permitted to read that information from a web browser.
For example, if you're running a React SPA that makes calls to an API backend running on a different domain.
So, you can use CORS to allow your API to specify the origins (i.e. your web application) that can call it.
Please or to participate in this conversation.