Next.js Discord

Discord Forum

Secure API Question

Unanswered
Daggertooth pike conger posted this in #help-forum
Daggertooth pike congerOP
I have a question mainly about APIs.

How do APIs keep their endpoints secure or even hidden?

For example, if I link my website up to vercel/analytics, how do they tell the difference between a real analytical log request and one that a malicious hacker copied with cURL and spammed? How would I be able to make my own API endpoint that can do this task too?

Be able to keep it so secure or even hidden so someone can't see the request. If I was to use the vercel/analytics and I used the track('Event') function, how does Vercel keep the API so secure that a malicious user can't repeat that request again and again, but Vercel knows when my website is sending it normally?

17 Replies

Daggertooth pike congerOP
Because with the fact that the track function is a client-run function, how do they secure it?
Daggertooth pike congerOP
.
can you ping in your replies please and thank you
@Daggertooth pike conger can you ping in your replies please and thank you
Netherland Dwarf
I can't answer all of your questions, but for this

How do APIs keep their endpoints secure or even hidden?
Typically, you have two servers: a backend and a frontend. Your backend has all of your sensitive data, which is never shared with the frontend.
How this is done with Next.js is by running code on the server; running your code on the sensitive server prevents it from being shown on the client.
but what I'm asking is how do they make it secure
my example was Vercel analytics, how do (especially for custom event tracking) they secure their API endpoints that log the event information
if I use track and I test my website, how come I can't look at the request, copy it with curl and repeat it with Postman
to spam my Vercel dashboard with events
Daggertooth pike congerOP
.
Blue whiting
it's not secure, it can be pinged from a malicious host
but there's little reason for someone to do so
you could make a custom endpoint and secure it that way, but when you are given a script to implement in your frontend, it won't be secure per se
@Blue whiting it's not secure, it can be pinged from a malicious host
Daggertooth pike congerOP
surely not, I could just spam their API 10000 times and flood someone's analytics
they would get charged money
and their dashboard is flooded