HOW TO SECURE API
Unanswered
Sardinian Shepherd Dog posted this in #help-forum
Sardinian Shepherd DogOP
alright so i have this dumb idea of writing an auth server which uses WPP connect library to send messages on Whatsapp and i just want to send otp..
now i have written how api would work and all but anyone can see what the button is calling right so how can not let that happen like even if they know the end point and what to send they can’t use it
omg i sound soooo stupid rn
now i have written how api would work and all but anyone can see what the button is calling right so how can not let that happen like even if they know the end point and what to send they can’t use it
omg i sound soooo stupid rn
2 Replies
you can try use an API key if the things connecting to your API are server side
@Jesse677 you can try use an API key if the things connecting to your API are server side
Sardinian Shepherd DogOP
yeah i thought of a way.. what i can do is create an encrypted message which can be decrypted only by the sender and my server and which contains time and an id... so with every request the key is new and there is a time limit for much time the key is valid so it is basically required with every query. in conclusion even if someone knows which API to call and what to send in the body they won't be able to use that api.