How to restrict the upstream APIs to a particular url #1887
Our React app calls our API, and we need to make sure the upstream APIs are restricted to this React app only. Note that both the React app and the API are on the same domain with different URLs. I was looking for options to restrict calls using Origin or other request headers, but it seems they can be spoofed. I tried UpstreamHost but it did not help. Not sure if this is possible. Appreciate any help.
Replies: 1 comment
Hi! Why not define an authentication route?
Your React app could sign a simple JWT token with a custom claim, a custom header name, and a short expiration time (<= Timeout).
Then authenticate, then transform the claim to a static header if the API is private. If it's public, I recommend closing the API by turning it into an authorized one with a short-lived JWT token from the React app.
Pay attention: your React app plays the role of an identity server, generating all auth tokens for all apps in your workflow.
Hope it helps!