How to make it so that access to the backend api is denied?

J

jedifa2021-07-23 19:54:08

Node.js

jedifa, 2021-07-23 19:54:08

Please tell me, I have a website with a node js backend, when I send a request from the front using axios, this request is visible in the network tab, and the api address is also visible, so is it possible to make an unnecessary person not be able to send requests on back?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Andrew, 2021-07-23
@deepblack

Of course you can, you need to disable the backend. Then there will be no access.

V

Vasily Bannikov, 2021-07-23
@vabka

No. Impossible.
You can only smear everything with CORS so that it cannot be called from other sites, and deliberately confuse the API so that other people do not understand what needs to be requested and with what parameters.
Well, add authorization so that only authorized users can send requests.

R

Ranwise, 2021-07-23
@Ranwise

try graphql, it's more confusing))
to access the api, they issue a token when authorizing by login \ password + CORS + rate limit
, the task of hiding the api is not clear ...