I'm using django-rest-framework, which accepts API requests from frontend javascript. My frontend javascript and backend django APIs are hosted on the same apache server and are within the same domain.
Is there a way by which I can ensure that my APIs are accessible only via the frontend javascript and not via curl commands or any other programming methods ?
I'm not sure about that, the nature of an API is making it accessible to those who have the key and correct way to request information but there are other tools to achieve the same effect if you're only wanting your db accessible from your site. Take a look at django ajax https://github.com/yceruto/django-ajax it works by throwing a decorator on a view which returns a json response. I've found it to be a very helpful tool.
