I want Users (developers) to be able to access my app API from their webapp client side Securely. i.e similar to how Intercom offers you a code snippet to add to your Website code which includes your client side API KEY. I can use something like crypt to generate API KEYS and assign that to my users. However, how should I secure the so other people who go to my users site don't use the API key to make calls to my Api and access my users data. My first thought is to restrict the calls to only tmy users domain. If this is a acceptable method, how can I do this? OR if there are other methods please advise.
via jasan
No comments:
Post a Comment