API security: how to restrict domain access?

I am looking through a simple API and must make sure that only authorized users are allowed to access it. I will provide an API key for authentication. However, I also want to associate the API key with a specific domain (this means that it should work only if it is used from allowed domains).

How can the API check whether it is being accessed from an authorized domain? HTTP_REFERER does not seem to be reliable. Suggestions?

+4
3 answers

What API are you exposing? There are many different APIs - I suppose you are not revealing your operating system API ...

Assuming you want to open several web application APIs, you can take a look at OAuth, which is based on callback URLs - you can simply block certain domains from calling through the callback URL.

Learn more about OAuth.

+7

HTTP + SSL is a complex protocol suite that supports certificates for the server and client and can probably be used in this case, but for some reason I think this will be redundant.

0

You need the source IP:

REMOTE_ADDR -or- HTTP_X_FORWARDED_FOR

-2
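The thread ends on REMOTE_ADDR and HTTP_X_FORWARDED_FOR without saying how to read them safely, and the question's wish to bind a key to a domain is left open. The example below is added here and is not code from any of the posters. It works on a CGI/WSGI-style environ dict (the same names the answer uses), assumes a hypothetical X-API-Key header, a constructed policy table (API_KEYS) and a constructed list of our own reverse proxies (TRUSTED_PROXIES). The key points it demonstrates: REMOTE_ADDR is the only unforgeable address; X-Forwarded-For is client-supplied text, so only the hops appended by proxies we control may be stripped, walking from the right; and the Origin/Referer domain binding is a policy control for browser callers, not authentication, because any non-browser client can send whatever headers it likes.

```python
import hmac
import ipaddress
from urllib.parse import urlsplit

# Constructed sample policy (hypothetical values, not from the thread): each
# API key is bound to the domains that may embed it and to the client networks
# it may be called from.
API_KEYS = {
    "key-abc123": {
        "domains": {"app.example.com"},
        "networks": [ipaddress.ip_network("203.0.113.0/24")],
    },
}

# Reverse proxies we run ourselves (constructed). Only these may append hops to
# X-Forwarded-For; every other entry in that header is untrusted client input.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted_proxy(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(environ):
    """Derive the client address from a CGI/WSGI-style environ.

    REMOTE_ADDR is the TCP peer and cannot be forged, but behind a proxy it is
    the proxy. X-Forwarded-For is free text the client may pre-fill, so walk it
    from the right and strip only hops that are our own proxies; the first
    address that is not ours is the client.
    """
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    if not _is_trusted_proxy(peer):
        return peer  # direct connection: ignore X-Forwarded-For entirely
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",")]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed header: fall back to the proxy address below
        if not _is_trusted_proxy(addr):
            return addr
    # Nothing usable; the proxy's own address will not match a client allowlist.
    return peer


def request_domain(environ):
    """Host from the Origin header (set by browsers, not writable by page
    scripts), falling back to Referer. Returns None when neither is present."""
    for key in ("HTTP_ORIGIN", "HTTP_REFERER"):
        value = environ.get(key)
        if value:
            return (urlsplit(value).hostname or "").lower()
    return None


def _lookup_key(presented):
    # Compare against every stored key with a constant-time comparison so the
    # response time does not leak how many leading bytes of a guess matched.
    found = None
    for key, policy in API_KEYS.items():
        if hmac.compare_digest(key.encode(), presented.encode()):
            found = policy
    return found


def authorize(environ):
    """Return (allowed, reason) for a request described by a WSGI environ."""
    policy = _lookup_key(environ.get("HTTP_X_API_KEY", ""))
    if policy is None:
        return False, "unknown api key"
    ip = client_ip(environ)
    if not any(ip in net for net in policy["networks"]):
        return False, "client address %s not allowed for this key" % ip
    domain = request_domain(environ)
    if domain is not None and domain not in policy["domains"]:
        return False, "origin %s not bound to this key" % domain
    return True, "ok"


if __name__ == "__main__":
    # Constructed requests: a direct browser call, and a spoof attempt where the
    # caller pre-fills X-Forwarded-For with an allowed address before reaching
    # our proxy at 10.0.0.1, which appends the real peer 198.51.100.7.
    direct = {"REMOTE_ADDR": "203.0.113.5", "HTTP_X_API_KEY": "key-abc123",
              "HTTP_ORIGIN": "https://app.example.com"}
    spoofed = {"REMOTE_ADDR": "10.0.0.1", "HTTP_X_API_KEY": "key-abc123",
               "HTTP_X_FORWARDED_FOR": "203.0.113.5, 198.51.100.7"}
    print(authorize(direct))
    print(authorize(spoofed))
```

In deployment the proxy itself should overwrite or append to X-Forwarded-For rather than pass it through untouched, and the domain check only holds for browser traffic; for scripted clients the address allowlist (or the client certificates the second answer mentions) is what actually restricts who can call.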
