
I wrote a signup webpage with Node.js, and in this webpage I use AJAX to call the signup function like this:

$.ajax({
  method: "POST",
  url: "/signup",
  data: { tel: tel, password: password}
})

And in app.js, the signup function looks like this:

.post('/signup', async (ctx) => {
   //do something
})

And now everyone can call the signup function at the URL http://domain/signup without visiting the signup webpage. I think this is a mistake; I only want the local program to be able to call this function. How can I fix this?

Bin

1 Answer


Typically it's either API keys for doling out general access, or IP-based restrictions at either the application or network level.

API keys are a token that identifies and authenticates an endpoint. You can also use it to track usage and/or ban abuse. For example, see Google Maps' documentation about using their API. Then all API calls have that key:

https://maps.googleapis.com/maps/api/js?key=YOUR_API_KEY&callback=initMap

This allows the server to parse the key, check it against its key database or whatever, and allow access. You'll need to use HTTPS for this if it's over any public network.

IP or other network restrictions are easier to set up and best when you have a 1:1 relationship with your API. That is, your application alone accesses this API, and you control all the servers, etc.

Nick