
re: How to set token authentication via AJAX in Django to secure the API URL VIEW POST

re: I'm sorry for being dense, but I don't understand what problem this is solving. Do you want to use the csrf token in a GET request?
 

See the following situation:
I have a public endpoint (API) to use only on my website, e.g. a search form with an autocomplete field. How do I protect this field so it is not exposed to spammers? You would tell me to use JWT or an authentication token (well).
What if an anonymous user wants to search for something on my website?
Do I ask him to register?
How to use the token without exposing it in the frontend in the ajax request?
I know that I can use quota limitation (in fact I will use it),
but if, in addition to that, I want only my website to be able to use this endpoint and nobody else,
how do I do it without exposing my token?

 

Ah! I see. Thank you for clarifying.

You are welcome.

 

When I had the requirement of creating an API and "eating our own dog food", I made the backend call the API, rather than have it happen at the front end.

That way the API key is locked to one user, but many people can use it.
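The backend-calls-the-API arrangement from the comment above, combined with the quota limitation mentioned earlier in the thread, as an added example that is not code from any participant. It is framework-agnostic Python rather than a Django view; the API URL, the `SEARCH_API_KEY` variable, the `X-Api-Key` header and the `results` field are assumptions.

```python
import json
import os
import time
from collections import defaultdict, deque
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Assumed names: placeholder URL, env var and header, not taken from the thread.
API_URL = "https://api.example.invalid/search"
API_KEY = os.environ.get("SEARCH_API_KEY", "constructed-demo-key")
MAX_QUERY_LEN = 64
QUOTA, WINDOW = 5, 10.0  # constructed values: 5 requests per 10 s per client
_hits = defaultdict(deque)


def over_quota(client_id, now):
    """Sliding-window counter keyed by client (e.g. the remote address)."""
    hits = _hits[client_id]
    while hits and now - hits[0] >= WINDOW:
        hits.popleft()
    if len(hits) >= QUOTA:
        return True
    hits.append(now)
    return False


def call_api(query, opener=urlopen):
    """Server-to-server call: the key is attached here, never in the page."""
    url = f"{API_URL}?{urlencode({'q': query})}"
    req = Request(url, headers={"X-Api-Key": API_KEY})
    with opener(req, timeout=3) as resp:
        return json.load(resp)


def autocomplete(params, client_id, opener=urlopen, now=None):
    """Same-origin handler the AJAX request hits. Returns (status, body)."""
    now = time.monotonic() if now is None else now
    if over_quota(client_id, now):
        return 429, {"error": "quota exceeded"}
    query = params.get("q", "").strip()
    if not query or len(query) > MAX_QUERY_LEN:
        return 400, {"error": "bad query"}
    upstream = call_api(query, opener)
    # Forward only what the widget needs; drop every other upstream field.
    return 200, {"suggestions": upstream.get("results", [])[:10]}
```

The browser only ever talks to `autocomplete`, so the key stays in the server's environment; the quota still matters because anyone can call the same-origin handler.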
