Everything ok?
I created a react application that communicates with a rails api.
It is a very simple application, but there is this communication between react and api.
My question is…
Do I need to create a token of authentication so that third parties do not use my api? Or can I somehow tell my api that it only responds to requests that come from my site?
Thank you for your help!
3
Answers
thank you both that give me some answers.
I came from work now, and sit to study a little, and I found about CORS. That is exactly what I was looking for.
Here is a guide specific about a gem that make it in Rails. https://www.stackhawk.com/blog/rails-cors-guide/
Okay let me help you with that. I hope you could create a sever with a URL like this: ‘localhost:3000/api/’ or ‘https://something.api/api’. You can use this API in React by using Axios methods like:
axios.get("localhost:3000/api/")
.It seems like you want to create a authentication token when someone calling your API. Hence there are several hash libraries are available for creating API tokens according to time, username, etc. You can create it save it to your database. Whenever API call like this ‘https://something.api/api/key=hfudjuh8989’ you can get the key as from params and use it to verify with your database.
Sure, you can create a middleware for your route that checks for that token, but you can also limit the request only to a specific array of client