I'm using an Azure function app for my website to help send email. I use Azure Function authentication and pass the key as a header from an Ajax request, and that works well. But my issue is that having the function call in the JS of the website makes it prone to my friends sending automated HTTP requests, such that the function is repeatedly executed. Is there a way to avoid this? Maybe using the request sender IP?
1 Answer
Azure Function keys are not supposed to be shipped to end-user devices (be it a browser, mobile app, IoT device, etc.). You should hide function calls behind some authentication flow.
See these links for some options:
A very similar question, but from Mobile app point of view:

Mikhail Shilkov
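One way to apply the advice above, as an added example that is not part of the original question or answer: a small gate that runs on your own backend, accepts a session token from the browser, throttles each signed-in user, and only then attaches the function key in the `x-functions-key` header. `createEmailGate`, `verifySession`, the session store and the key value are hypothetical names and constructed sample data.

```javascript
// Added example; all names are hypothetical. Runs on the backend only:
// the browser sends a session token, never the function key.
function createEmailGate({ functionKey, limit, windowMs, verifySession, now = Date.now }) {
  const recentCalls = new Map(); // userId -> timestamps of accepted calls

  function underLimit(userId) {
    const t = now();
    // Keep only the calls that are still inside the sliding window.
    const recent = (recentCalls.get(userId) || []).filter((ts) => t - ts < windowMs);
    const ok = recent.length < limit;
    if (ok) recent.push(t);
    recentCalls.set(userId, recent);
    return ok;
  }

  // Returns a rejection, or the outbound request the backend should send.
  return function authorize(request) {
    const userId = verifySession(request.sessionToken);
    if (!userId) return { ok: false, status: 401 };
    if (!underLimit(userId)) return { ok: false, status: 429 };
    return {
      ok: true,
      outbound: {
        method: "POST",
        // The key is attached here, server-side (load it from app settings).
        headers: { "x-functions-key": functionKey, "content-type": "application/json" },
        body: JSON.stringify({ from: userId, message: request.message }),
      },
    };
  };
}

// Constructed demo: fake session store, fake clock, placeholder key.
function demo() {
  let clock = 0;
  const sessions = new Map([["token-alice", "alice"]]);
  const authorize = createEmailGate({
    functionKey: "PLACEHOLDER_FUNCTION_KEY", limit: 2, windowMs: 60000,
    verifySession: (token) => sessions.get(token) || null,
    now: () => clock,
  });
  const call = (token) => authorize({ sessionToken: token, message: "hi" });
  const seen = [call("forged").status, call("token-alice").ok];
  clock = 1000; seen.push(call("token-alice").ok);
  clock = 2000; seen.push(call("token-alice").status); // third call in the window
  clock = 61000; seen.push(call("token-alice").ok);    // window has expired
  return seen;
}
```

The limiter state here lives in process memory, so a deployment with several backend instances would need a shared store for the counters.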