I am using Nodejs,expressjs,and mongoose to develop a application.Now what is procedure or way to identify that the request hit of my rest api service is from my front end application not from any unknown request.
how to identify the request comming from my interface in node.js
353 views Asked by arijit158 At
1
There are 1 answers
Related Questions in NODE.JS
- Using Puppeteer to scrape a public API only when the data changes
- How to request administrator rights?
- How do I link two models in mongoose?
- Variable inside a Variable, not updating
- Unable to Post Form Data to MongoDB because of picturepath
- Connection terminated unexpectedly while performing multi row insert using pg-promise
- Processing multiple forms in nodejs and postgresql
- Node.js Server + Socket.IO + Android Mobile Applicatoin XHR Polling Error...?
- How to change the Font Weight of a SelectValue component in React when a SelectItem is selected?
- My unban and ban commands arent showing when i put the slash
- how to make read only file/directory in Mac writable
- How can I outsource worker processes within a for loop?
- Get remote MKV file metadata using nodejs
- Adding google-profanity-words to web page
- Products aren't displayed after fetching data from mysql db (node.js & express)
Related Questions in EXPRESS
- How do I link two models in mongoose?
- Unable to Post Form Data to MongoDB because of picturepath
- Processing multiple forms in nodejs and postgresql
- pnpm firebase app "Could not find a declaration file for module 'mime'"
- Products aren't displayed after fetching data from mysql db (node.js & express)
- What are some MERN projects that will grow me from junior dev to senior
- How Can I Make Dynamic Query In Sequelize with nodeJs
- Express session is not seened in server code
- Get Type Error when using .countDocuments with mongoDB
- Express JS Serve React JS Site With Path Longer Than Just Subdirectory
- Getting a Large Error Output When Calling MongoDB/Mongoose Functions Without an Error Message
- axios.post do not return anything when api call is made within backend
- bcrypt.compare receiving illegal argument string, undefined
- User is connecting to socket.io server twice
- i got "TypeError: data.map is not a function" and i can't get the data from backend
Related Questions in MONGOOSE
- How do I link two models in mongoose?
- Unable to Post Form Data to MongoDB because of picturepath
- Getting a Large Error Output When Calling MongoDB/Mongoose Functions Without an Error Message
- How to enter data in mongodb array at specific position such that if there is only 2 data in array and I want to insert at 5, then rest data is null
- connect ECONNREFUSED 43.205.72.30:27017 while connecting to Atlas
- How can I update existing mongodb database with a new array in Node js
- How Do Schema migration in mongoose & mongodb?
- How to save multiple string inside an array column in MongoDB
- Mongoose - Delete document with all array values are greater than specific value
- MongoDB - $lookup not getting an appropriate result
- Why do these two functions not return the same result?
- the transactions are not rolling back in mongodb
- Can anyone help to solve this
- Operation `todos.insertOne()` buffering timed out after 10000ms --- MongoDB Express Error
- Argument of type '"save"' is not assignable to parameter of type 'RegExp | "createCollection"' error while using pre method before saving schema
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
If your front end application is a browser web page, then there is no real way to limit your REST API service to only your web app.
The issue is that by its very nature the REST API service is available on the web to any client that wants to access it. You could add some authentication (some sort of secret key) that is required before the REST API service can be accessed, but you cannot hide that secret key in a browser web page. If the browser web page can get access to the key, then so can anyone else who looks at the code in the web page or on the wire.
Because browsers, by default, will not allow cross origin Ajax calls, you are already protected from some other web pages (on a different site) using your REST API service from the browser. But, other servers can still use your REST API service.
One common way that services attempt to manage the use of their APIs is that they require an API key be obtained for each legitimate use of the API. If a particular API key is found to be abusing the service, you can revoke the privileges of that API key. You can grant your own applications API keys (embedded in your web pages ) and you can even change those web keys regular (such as daily) to keep people from copying them once and then using them for a long time. But a determined hacker will still find a working API key and use it for awhile.
One common way that services attempt to prevent excess usage of their API and protect the integrity of their service is to implement rate limiting. You establish what you think is a reasonable number of API calls per second (or some such metric) that your own app would not exceed and you measure the number of API calls coming from each endpoint and if they exceed some threshold, then you either delay or deny or error their calls until they stop exceeding your threshold.