Secure access to api only from chrome extension

I am working on allowing a chrome extension to post a new entry to my site via post data.

I want to be able to lock it down so only the chrome extension can post. If I get post data from anywhere else I want to reject it.

Does anyone know if/how this is possible or how you would go about doing it?

Answer

Unfortunately, validating clients (whether a Chrome extension, an Android app, an iOS app, client-side JavaScript, or some other client) from a web server is an unsolved problem.

There are some things that you can do to deter abuse and mitigate this problem such as:

  • Requiring user authentication (and rate-limiting usage per-user)
  • Rate-limiting access on the basis of IP addresses
  • Requiring tokens to be provided that are handed out in prior requests (this can be used to ensure that certain APIs are called in certain expected orders / patterns).
  • Showing a CAPTCHA or other challenge for anomalous or over-limit usage

While you can additionally check things such as user agent, referrer URL, or a token that you embed in the Chrome extension, with any distributed application, it is easy to reverse-engineer these and mimic them in a counterfeit app, and so these aren’t true solutions.
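A server-side sketch of two of the mitigations listed above, per-user rate limiting and a single-use token handed out in a prior request. This is an added example, not part of the original answer. The function names, in-memory maps and limits are assumptions chosen for illustration, and `userId` is assumed to come from an already authenticated session. As the answer says, this limits abuse per account; it does not prove that the caller is the extension.

```javascript
const crypto = require('crypto');

// Assumed limits for this example; tune for the real service.
const TOKEN_TTL_MS = 60_000;     // a token is valid for one minute
const WINDOW_MS = 60_000;        // length of the rate-limit window
const MAX_POSTS_PER_WINDOW = 3;  // attempts allowed per user per window

const tokens = new Map();   // token -> { userId, expires }
const windows = new Map();  // userId -> { start, count }

// Step 1: an authenticated user requests a token before posting.
function issueToken(userId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  tokens.set(token, { userId, expires: now + TOKEN_TTL_MS });
  return token;
}

// Fixed-window counter keyed by user account, not by client software.
// Every attempt counts, including ones that later fail token checks.
function underLimit(userId, now) {
  let w = windows.get(userId);
  if (!w || now - w.start >= WINDOW_MS) {
    w = { start: now, count: 0 };
    windows.set(userId, w);
  }
  w.count += 1;
  return w.count <= MAX_POSTS_PER_WINDOW;
}

// Step 2: the POST must carry a fresh token issued to the same user.
function acceptPost(userId, token, now = Date.now()) {
  if (!underLimit(userId, now)) return { ok: false, reason: 'rate_limited' };
  const entry = tokens.get(token);
  tokens.delete(token); // single use: a replayed token no longer exists
  if (!entry) return { ok: false, reason: 'unknown_token' };
  if (entry.userId !== userId) return { ok: false, reason: 'wrong_user' };
  if (now > entry.expires) return { ok: false, reason: 'expired' };
  return { ok: true };
}
```

A `rate_limited` result is the natural point to present the CAPTCHA or other challenge mentioned in the list.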
