I’m building a REST API and a frontend written in PHP.
My question is that I intend to protect it with OAuth when third-party apps try to access it.
But I don’t want to use OAuth when my frontend uses the API.
How can I detect/identify when an app that is not my frontend is trying to access my API?
What’s the best strategy?
Thanks!
There are a number of ways that you can go about this:
You can perhaps give the API an alias only used by the frontend server and utilize a different authentication mechanism (i.e. keyed access) for that API alias.
You could set a specific custom request header that is only used by the frontend server and use your alternate authentication mechanism when that header is present.
You can pass along some additional data with the requests that identify the request as coming from your frontend server.
I personally would opt for one of the first two, as I wouldn’t want to change the data structure unnecessarily.
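The custom-header option from the answer above, sketched as an added example that is not part of the original answer; the header names, the shared secret and the function names are assumptions. The header only selects the alternate mechanism, since any client can send it; the keyed HMAC over the request is what authenticates the frontend server, and everything else falls through to OAuth.

```php
<?php
declare(strict_types=1);

// Assumption: a secret provisioned only to the frontend server (constructed value).
const FRONTEND_SECRET = 'constructed-demo-secret-change-me';
const MAX_SKEW_SECONDS = 300; // reject stale or replayed timestamps

// Signature the frontend server computes over the request it is about to send.
function sign_request(string $method, string $path, string $body, int $ts, string $secret): string
{
    $msg = implode("\n", [strtoupper($method), $path, (string)$ts, hash('sha256', $body)]);
    return hash_hmac('sha256', $msg, $secret);
}

// Returns 'frontend' (keyed access verified), 'oauth' (hand the bearer token
// to the OAuth validation path) or 'reject'.
function classify_request(string $method, string $path, string $body, array $headers, int $now): string
{
    $h = array_change_key_case($headers, CASE_LOWER);
    if (!isset($h['x-frontend-signature'])) {
        // No frontend header: treat as a third-party app.
        return stripos((string)($h['authorization'] ?? ''), 'Bearer ') === 0 ? 'oauth' : 'reject';
    }
    // Header present: verify it, never trust its presence alone.
    $ts = (string)($h['x-frontend-timestamp'] ?? '');
    if (!ctype_digit($ts) || abs($now - (int)$ts) > MAX_SKEW_SECONDS) {
        return 'reject';
    }
    $expected = sign_request($method, $path, $body, (int)$ts, FRONTEND_SECRET);
    return hash_equals($expected, (string)$h['x-frontend-signature']) ? 'frontend' : 'reject';
}

// Constructed sample requests: a signed frontend call, a spoofed header, a third-party call.
$now  = 1700000000;
$body = '{"name":"demo"}';
$good = ['X-Frontend-Timestamp' => (string)$now,
         'X-Frontend-Signature' => sign_request('POST', '/v1/items', $body, $now, FRONTEND_SECRET)];
$spoofed = ['X-Frontend-Timestamp' => (string)$now, 'X-Frontend-Signature' => str_repeat('0', 64)];
$third   = ['Authorization' => 'Bearer constructed-token'];

foreach (['frontend' => $good, 'spoofed header' => $spoofed, 'third party' => $third] as $label => $hdrs) {
    echo $label, ' => ', classify_request('POST', '/v1/items', $body, $hdrs, $now), PHP_EOL;
}
```

A request that carries the frontend header but fails verification is rejected outright rather than downgraded to the OAuth path, so a spoofed header never yields a second authentication attempt.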