Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
This might be a stupid question and/or simple answer, or neither.
I am developing an API, and I was wondering if it was possible to lock this down to a specific URL/Host?
e.g. My API is on one url, and it only responds to a httpwebrequest from a specific url.
http://www.apione.com only responds to http://www.apitwo.com
Is this possible? I have been looking into the host headers but don’t think it is possible to get this information.
Thanks
If your “API” as a web service then you can use ‘Request.UrlReferrer’ to get a URI object that tells you the URL the request has come from. You can then simply check that it matches one or more expected values before doing anything. This will not stop request from other URLs hitting the service but your web service would not do anything in response to these requests. You can also lock down by IP in a similar manner by using Request.UserHostAddress. Please note that these do different things. If the user clicks a link on http://www.apione.com the referer will be set to http://www.apione.com but the IP will be the IP of the user. Which method you use would depend on how the API is consumed. e.g. If there is some server side process that runs from http://www.apione.com then the referer would not be much help. Also referer can be easily spoofed.