0

I'll make some API's on my ASP.NET MVC project, but there is one API whit a PUT methode that I'll protect form all the users so that they can't access it. Only by an ajax request from my site, can acces it whit a special API key.

My idea was to make a new community user whit an API key. That key must update every day so that it can't be stolen. The community user can't login on the site. Now if that API has been called from an intern ajax request, I check if the key in the URL is equal to the API of the community user. If not I send a response that the key didn't match.

The key is a string whit 45 upper- or lowercase chars, numbers or special chars like stripes, underscores and spaces. For the site, I use HTTPS.

Is this system secure for hackers and other people that will steal it? So no, are there better ways to protect that API?

Improve this question

1 Answer 1

Reset to default
1

just control request islocal that simple , then none can call this api from any website or anywhere only on your server 

 public string GetMyName() { if (!HttpContext.Current.Request.IsLocal) return null; return "myName"; }
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Just one more question for you: Can you say me that I was on a good way. Can anyone hack my system or not? A hint for Stack Overflow: put details on your questions and answers.
well api key is kinda for count who use this api how many times , if you wanna prove ur security you have research about request headers good luck :)

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.