Are there any good endpoint authorization methods that can limit access to my webpage? By this, I mean I want to limit who can potentially access my endpoints strictly to my webpage (ex: I don't want users to be able to send requests from Postman or from a request library in an endless for-loop to my endpoint and exhaust my resources), if it is even possible.
Generally, I was thinking something along these lines:
- Generate token on the web page with some function
- Generating the same token on some backend server
- Comparing the two hashes of the two tokens and if they're equal when a request from the client is sent to the server, then send back a valid response, else respond back with a 401 status response code
The only issue with this is that the (JavaScript) code that generates this token will be accessible to the user and then they can just run the code themselves to generate request tokens. The only potential solution I could see would be to obfuscate the code and modify/change it on a regular, automatic basis.
Is there any valid way to do some sort of authentication for endpoints like this? If not, is there at least some system that can potentially slow down the rate of malicious requests toward my endpoints?
Thanks!
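
The scheme in the list above, written out as an added example that is not part of the original post. It goes one step further by putting a per-client request budget in front of the token check, a general technique that relies only on server-side state. The HMAC construction, the secret, the window, the limit and every function name are assumptions.

```javascript
// Added illustration, not code from the post. All names and values are assumptions.
const crypto = require('node:crypto');

const WINDOW_MS = 30_000;                  // token validity window (assumed)
const PAGE_SECRET = 'value-shipped-in-js'; // constructed; anything in page JS is public

// Step 1: the generator the web page ships to every visitor.
function pageToken(nowMs) {
  const slot = String(Math.floor(nowMs / WINDOW_MS));
  return crypto.createHmac('sha256', PAGE_SECRET).update(slot).digest('hex');
}

// Steps 2-3: the backend recomputes the token and compares in constant time.
function tokenStatus(token, nowMs) {
  const expected = Buffer.from(pageToken(nowMs), 'hex');
  const got = Buffer.from(String(token), 'hex');
  const ok = got.length === expected.length && crypto.timingSafeEqual(got, expected);
  return ok ? 200 : 401;
}

// Server-side state the client cannot reproduce: a fixed-window request budget.
const LIMIT = 5;                           // requests per client per window (assumed)
const counters = new Map();                // clientKey -> { slot, count }

function handle(clientKey, token, nowMs) {
  const slot = Math.floor(nowMs / WINDOW_MS);
  let entry = counters.get(clientKey);
  if (!entry || entry.slot !== slot) {
    entry = { slot, count: 0 };
    counters.set(clientKey, entry);
  }
  entry.count += 1;                        // every request counts, valid token or not
  if (entry.count > LIMIT) return 429;
  return tokenStatus(token, nowMs);
}

// Constructed run: the token is valid wherever pageToken() was executed,
// so only the budget limits the sender.
const t0 = 1_700_000_000_000;
const results = [];
for (let i = 0; i < 7; i++) results.push(handle('203.0.113.7', pageToken(t0), t0));
console.log(results.join(' '));
```

The token check returns 200 for any caller that runs `pageToken`, so it identifies the code, not the page; the 429 responses come from the counter the server keeps.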