I have react frontend and backend on flask. But the backend APIs are also getting called from Postman. So I used methodology of API keys. But these API keys are getting exposed, when we inspect elements in browser. So what can be a effective way to secure all my backend APIs and are not accessible except my frontend app. Thanks in advance
Asked
Active
Viewed 25 times
0
-
On the internet, nobody knows you’re a dog. HTTP requests coming from “your app” and any other HTTP client look identical. – deceze Apr 16 '22 at 11:29
-
Try sending CORS headers on your response, so that the backend only responds if the request comes from a particular domain - in your case, only your frontend domain. Checkout this answer - https://stackoverflow.com/a/38643881/8252164 – samuellawrentz Apr 16 '22 at 11:30
-
1@samuel That won’t help against Postman, curl et al. – deceze Apr 16 '22 at 12:01