How do I stop a user from accessing my Laravel API like a normal website?
I'm trying to create a microservice driven, hello-world app that uses Laravel as the backend (api) and VueJS for the front end to consume it. I'm unsure of how I would even deploy this yet but one thing I've picked up on is that while Laravel serves as the backend and I can interact with it through the frontend, if a user goes to the host of the Laravel app, they can still register, login and click on the default splash page from a fresh install, etc...How would I stop that from happening so that only the frontend (which is on a different host/port) is what a user can access?
I am afraid you cannot stop it. You can try it. Go to any big ecommerce website and go to developer tools > network to see what xhr requset this website is making. The website might be making api request. You can right click on the request and open it in new tab. You will still be able to see the api data in browser.
If you have user authentication, then that will put some security on, because a user wont be able to access the data without credentials. But i think thats max u can do
Or better to use pura laravel or laravel + inertia, where the data is not communicated using api. The page is rendered in the backend itself.
