Restricting access to Account apis

  • Question

  • User-1756964112 posted

    How can I restrict access to Account APIs to the parties I want? I don't want the whole world to register and start using my APIs.

    Tuesday, December 2, 2014 3:45 PM

All replies

  • User-734925760 posted

    Hi,

    According to your description, you want to add some restrictions to the API. I don't know the details of your requirement, so I think you need to give more information about it.

    For example, if you want to restrict by IP address, then you need to add the IP as a parameter to the API; then you can check the IP in the API code-behind.

    Hope it's useful for you.

    Best Regards,

    Michelle Ge

    Wednesday, December 3, 2014 6:10 AM
  • User-1756964112 posted

    Our web APIs are for developers who will be using them to integrate their products with ours. These APIs will be hosted on web servers and we don't want just anybody to register and start using them. We want some control over who can access these APIs. We are going to use a client-side certificate in one scenario, but we also have ASP.NET OWIN in there and we just want to control the use of the registration API so that it is not open to abuse.

    Wednesday, December 3, 2014 3:37 PM
  • User-1756964112 posted

    What if the web API can only get a token and call the logout and change-password APIs, and there is another app, not exposed to the outside world, that is used for registering a user?

    This should do the trick. Are there any security issues anyone can point out with this scheme?

    Wednesday, December 3, 2014 6:50 PM
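
One way to apply the scheme from the last post inside a single OWIN host, as an added example that is not code from the thread or from any participant: middleware that hides the registration route from every caller whose connection address is not on an allowlist. The route `/api/Account/Register`, the class name `RegistrationGateMiddleware` and the sample addresses are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

// Added example: only allowlisted peers may reach the registration route.
public class RegistrationGateMiddleware : OwinMiddleware
{
    // Assumed route; adjust to the route the registration action really uses.
    private static readonly PathString RegisterPath =
        new PathString("/api/Account/Register");

    private readonly HashSet<string> _allowedPeers;

    public RegistrationGateMiddleware(OwinMiddleware next,
                                      IEnumerable<string> allowedPeers)
        : base(next)
    {
        _allowedPeers = new HashSet<string>(allowedPeers,
                                            StringComparer.OrdinalIgnoreCase);
    }

    public override Task Invoke(IOwinContext context)
    {
        // RemoteIpAddress is taken from the connection, not from anything the
        // caller puts in the request. Behind a reverse proxy it is the proxy's
        // address, so the gate then has to run on the proxy instead.
        string peer = context.Request.RemoteIpAddress;
        bool isRegister = context.Request.Path.StartsWithSegments(RegisterPath);

        if (isRegister && (peer == null || !_allowedPeers.Contains(peer)))
        {
            context.Response.StatusCode = 404; // do not reveal the endpoint
            return Task.FromResult(0);
        }
        return Next.Invoke(context); // token, logout, change password, etc.
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Constructed sample allowlist: loopback plus one internal host.
        var internalPeers = new List<string> { "127.0.0.1", "::1", "10.0.0.15" };
        app.Use<RegistrationGateMiddleware>(internalPeers); // register first
    }
}
```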