I have an English dictionary webapp, say xyz.com, developed using AngularJS (or any other UI) and REST api. There is no authentication since the webapp is open to everyone and there is no user registration. How can I prevent the REST api from being consumed by outside applications? In other words, the REST api should work only when accessed through xyz.com. I don't want some other developer to use my REST api to power his application.

OAuth isn't a solution for this since there is no authentication. This question is similar to Protect Web API from unauthorized applications, but there weren't any concrete answers that would solve this.

Suneel
  • Take a look at Cross Origin Resource Sharing, CORS http://www.html5rocks.com/en/tutorials/cors/ – Cerad Jun 27 '15 at 19:24
  • @Cerad CORS is overcoming the same origin policy restriction. But that isn't my question. I am looking for a way to prevent unapproved / unethical usage of my public API. A rogue developer can develop his own UI and just call my REST api through a proxy that runs on his domain, thus bypassing the same origin restriction. – Suneel Jun 28 '15 at 00:22
  • You asked for a way to restrict usage of your api to a specific domain: xyz.com. CORS can do just that. – Cerad Jun 28 '15 at 13:02
  • @Cerad So how would CORS prevent someone from writing a Python or Java client to access my REST api from their developer machine? – Suneel Jun 28 '15 at 23:01
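
Added example, not part of the original thread: a local stand-in for the dictionary API that sends a CORS header for `https://xyz.com` only, fetched by a plain Python client, to show that the CORS decision is made by the browser and not by the server. The handler class, the `/define/cors` path, the sample JSON and `https://other.example` are constructed for illustration.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED_ORIGIN = "https://xyz.com"  # the site named in the question


class DictionaryAPI(BaseHTTPRequestHandler):
    """Constructed stand-in for the REST api: answers every GET and
    advertises xyz.com as the only origin allowed to read the response."""

    def do_GET(self):
        body = json.dumps({"word": "cors", "definition": "constructed sample"}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Access-Control-Allow-Origin", ALLOWED_ORIGIN)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def browser_would_expose(page_origin, response_headers):
    """The comparison a browser makes before handing a cross-origin
    response to page script. Nothing on the server enforces it."""
    allowed = response_headers.get("Access-Control-Allow-Origin")
    return allowed == "*" or allowed == page_origin


def fetch_without_browser():
    """Start the API on an ephemeral local port and read it with urllib,
    which has no same-origin policy and ignores CORS headers."""
    server = HTTPServer(("127.0.0.1", 0), DictionaryAPI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = f"http://127.0.0.1:{server.server_port}/define/cors"
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status, dict(resp.headers), json.loads(resp.read())
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    status, headers, data = fetch_without_browser()
    print("non-browser client:", status, data)
    print("script on xyz.com may read it:", browser_would_expose("https://xyz.com", headers))
    print("script on other.example may read it:", browser_would_expose("https://other.example", headers))
```

The server returns the same 200 response in every case; only a browser running script from another origin withholds the body, which is why the header limits in-browser reuse but not standalone clients.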

0 Answers