I have a REST API deployed on my server, say A. I have 2 web applications, say www.B.com and www.C.com. Both B and C call APIs deployed on server A. Now think of a small scenario:

User Rob logs in on B.com and user Andrew logs in to C.com. Now some of their events trigger an API call to server A. My problem is: how will I be able to identify whether a particular request is coming from B.com or C.com?

This information is only in the address bar of the browser, but the API call is an AJAX call. It is necessary to mention that I don't want to make any change in the JavaScript or front end (of either application, B.com or C.com). The change should be on server A. Any hint to solve this will be highly appreciated. I am using Java, RESTEasy, and JBoss.

Abin Manathoor Devasia
umesh

2 Answers

You can set headers (key-value pairs) when making a REST call.

Set some authentication token in the header.

Verify the token on the server where the REST API is exposed.

madhairsilence
  • It requires a change in the client script, which is what I didn't want. I just want a change on server A, not on 'B.com' and 'C.com'. – umesh Mar 15 '13 at 14:12

Assuming you're receiving the API call from B and C as a HttpServletRequest:

String ipAddress = httpServletRequest.getRemoteAddr();

Then compare the IP address against the known IP addresses for server B and C.

If the AJAX calls come directly from the browser to A then I don't think there's a way to make this work without changing B or C.

Vegard
  • How do we get the HttpRequest in REST? – Abin Manathoor Devasia Mar 15 '13 at 13:30
  • According to the definition, remote address "Returns the Internet Protocol (IP) address of the client or last proxy that sent the request." So it might return the IP address where the browser is open with B.com or C.com, not the address of B or C, I guess. But anyway, I got a solution: there is a "referer header" in the HTTP request, which exactly solves my purpose. It gives me the URL of the page the user is on while making this API call. It will be something like "http://www.b.com/doEvent". From this URL I can find out where the user is browsing the page, on B or on C. Cheers! – umesh Mar 15 '13 at 14:16
  • Be careful though, some browsers do not set the referer header on AJAX calls. Also note that you can't rely on this for authentication or authorization, since referer information is easily spoofed in the browser. – Vegard Mar 15 '13 at 14:21
  • Yes, but I don't need authorisation and authentication. In my particular scenario, spoofing this is not an issue, but a missing referer header is an issue. Thanks for mentioning that; I will check the browser compatibility now. – umesh Mar 15 '13 at 14:25
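
The server-side check discussed in the comments above, as an added example that is not part of the original thread: it labels a request by the exact host in the Referer header and treats a missing or malformed header as unknown. The class name, the labels, and the fallback to the Origin header (which browsers attach to cross-origin XHR requests) are assumptions of this example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Map;

/** Labels an API request on server A by the site whose page issued it. */
public class CallerSite {

    // Hosts come from the question; the labels "B" and "C" are hypothetical.
    private static final Map<String, String> KNOWN_SITES = Map.of(
            "www.b.com", "B",
            "www.c.com", "C");

    /**
     * In a RESTEasy resource method the two values can be injected with
     * @HeaderParam("Origin") and @HeaderParam("Referer"); either may be null.
     * Both are client-supplied, so use the result for labelling only,
     * never for authentication or authorization.
     */
    public static String classify(String origin, String referer) {
        String site = lookup(origin);
        if (site == null) {
            site = lookup(referer);
        }
        return site != null ? site : "UNKNOWN";
    }

    // Parses the header as a URI and matches the whole host name, so a
    // look-alike such as www.b.com.example.net is not counted as B.
    private static String lookup(String headerValue) {
        if (headerValue == null || headerValue.trim().isEmpty()) {
            return null;
        }
        try {
            String host = new URI(headerValue.trim()).getHost();
            return host == null ? null : KNOWN_SITES.get(host.toLowerCase(Locale.ROOT));
        } catch (URISyntaxException e) {
            return null; // malformed header: treat it as absent
        }
    }

    public static void main(String[] args) {
        // Constructed sample header values.
        System.out.println(classify(null, "http://www.b.com/doEvent"));       // Referer only
        System.out.println(classify("http://www.c.com", null));               // Origin only
        System.out.println(classify(null, null));                             // both missing
        System.out.println(classify(null, "http://www.b.com.example.net/x")); // look-alike host
    }
}
```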