
I am about to create a REST API that would serve its resources to mobile apps; these include iOS & Android smartphones.

Now I am concerned with limiting my API to serve only requests coming from apps; that means if the request is made via a browser then I should deny it. The reason for this is that I am concerned about XSS attacks and such.

Am I wrong in what I am thinking now? If not, then how should I tell that the requester is coming from an app?

fishcracker

1 Answer


You are spot on, and securing REST endpoints is very essential to ensure that you authenticate/authorize/control requests to your server resources.

Here is a thread that discusses some best practices: Best Practices for securing a REST API / web service

Community
Romin