如何保护来自Postman等第三方工具的Web API请求调用?
[英]How to protect web API request call from third-party tools such as Postman?
问题描述
I am facing an issue regarding the calling of a web API in an MVC 5 Application. 
我在MVC 5应用程序中遇到有关Web API调用的问题。
I want to protect my web API from being called through tools (eg Postman, REST client and so on). 我想保护我的Web API免受通过工具(例如Postman,REST客户端等)的调用。 When I am logged into my apps with my login and password and I copied all request headers from browsers and pass the copied headers and API URLs in the Postman and submitted. 使用登录名和密码登录到我的应用程序后,我从浏览器复制了所有请求标头,并在邮递员中传递了复制的标头和API URL并提交了。 After submit, it is getting a valid response. 提交后,它将收到有效的回复。
How to protect against this? 如何防止这种情况发生? I want to call it from my apps only, not other tools like Postman. 我只想从我的应用程序中调用它,而不能从Postman等其他工具中调用它。
1 个解决方案
解决方案1
1 已采纳 2017-07-13 07:29:44
You can look into either: 您可以查看以下任一内容:
- adding an API key as part of authentication, which your apps (clients) will store on their side and send with each request (of course, anyone having an API key can also do this); 添加API密钥作为身份验证的一部分,您的应用程序(客户端)将存储在他们的身边,并随每个请求发送(当然,拥有API密钥的任何人也可以这样做);
- if your apps are web-related clients you can ramp this up by only allowing requests sent from a list of trusted domains 如果您的应用程序是与Web相关的客户端,则可以通过仅允许从受信任域列表发送的请求来增强此功能
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.