I'm using https://github.com/chriskacerguis/codeigniter-restserver for a CodeIgniter project. My frontend is a angularJS application.
I want to secure the rest service (domain.com/api/[calls]), so it can only be used from 'localhost', the server itself. Is that possible?
So what I want is that the webserver only accepted calls from my frontend (localhost) and not from another server of tool which calls directly the urls from my api.
I tried the whitelist api in rest.php, thats works fine on my localhost (XAMPP) but not the production server.
Using keys is not a good idea, since it is AngularJS and the code is readable.
