See the following situation:
I have a public endpoint(API) to use only on my website, e.g. a search form with an autocomplete field, how to protect this field to not expose to the spammer. you would tell me to use JWT or authentication token (Well)
What if an anonymous user wants to search for something on my website?
Do I ask him to register?
How to use the token without exposing it in the frontend in the ajax request?
I know that I can use quota limitation(in fact I will use it)
but if in addition to that I want only my website can use this endpoint nobody else
How do I do it without exposing my token?
When I had the requirement of creating an API and "eating our own dog food", I made the backend call the API, rather than have it happen at the front end.
That way the API key is locked to one user, but many people can use it.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I'm sorry for being dense, but I don't understand what problem this is solving.
Do you want to use the csrf token in a GET request?
See the following situation:
I have a public endpoint(API) to use only on my website, e.g. a search form with an autocomplete field, how to protect this field to not expose to the spammer. you would tell me to use JWT or authentication token (Well)
What if an anonymous user wants to search for something on my website?
Do I ask him to register?
How to use the token without exposing it in the frontend in the ajax request?
I know that I can use quota limitation(in fact I will use it)
but if in addition to that I want only my website can use this endpoint nobody else
How do I do it without exposing my token?
Ah! I see. Thank you for clarifying.
you are welcome
When I had the requirement of creating an API and "eating our own dog food", I made the backend call the API, rather than have it happen at the front end.
That way the API key is locked to one user, but many people can use it.