0

My sites architecture. Both components are hosted on AWS via elasticbeanstalk.

Frontend: React gets data via API Endpoints served from backend

Backend: Django REST Framework

I want to restrict api access such that:

  1. only the frontend can grab data from the REST API, some data is public to anyone on the site, some only accessible to signed in users

  2. whitelisted developers can access data from the REST API such that they can develop the frontend display of that data

  3. No other machine, site, service, person, alien can access the REST API unless we know about it!

Willing to research and learn required to implement a solution like this, just would like to have some guidance as I am a young Padawan.

Improve this question
2
  • 1
    You cannot restrict the API access to your frontend. It runs on a user machine in the browser, so your API is technically available to everyone. You can only limit access by authorizations via username/password Commented Jul 3, 2021 at 8:33
  • @AlexandrTatarinov I don't imagine my use case is unique. Would this stackoverflow.com/questions/13895679/… post be along the right vein. Commented Jul 3, 2021 at 16:20
Related questions
0
Security and API implementation - REST
4
django rest Framework authentications
6
Python/Django REST API Architecture
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.