Restricting access to Account apis

Question

User-1756964112 posted

How can I restrict access to Account apis to parties I want? I don't want the whole world to register and start using my apis.

Answer 1

User-734925760 posted

Hi,

According to your description, you want to make some restrict for API. I don't know information about your requirement. But I think you need to give more information about your requirement.

For example, if you want to restrict the Ip address, then you need to add the Ip as the parameter to the API, then you can check the IP in the API code behind.

Hope it's useful for you.

Best Regards,

Michelle Ge

Answer 2

User-1756964112 posted

Our webapis are for developers who will be using them to integrate their products with ours. These apis will be hosted on web servers and we don't want anybody to register and start using them. We want some control over who can access these apis. We are going to use client side certificate in one scenario but we also have asp.net OWIN in there and we just want to control the use of registration api so that it is not open for abuse.

Answer 3

User-1756964112 posted

What if webapi can only get a token, call logout and change password apis, and there is another app that is not exposed to the outside world and this is used for registering a user.

This should do the trick. Are there any security issues anyone can point with this scheme?