How can I prevent a "rogue" front end?



  • I developed my product, which is exposed via API+web+mobile app.

    How can I prevent a 3rd party from developing its own front end and plugging it into my backend?

    I'm not talking about a simple phishing attack but a "chaotic-good" guy who thinks my frontend sucks and wishes to provide my service on his terms and get away with my ad revenue, got it?

    Details:

    1. The API is exposed by the Azure API Management service.
    2. Backend is .NET 5


  • There is no magic solution. Only if you authenticate the users of your API can you be sure nobody else is using it. Any other approaches, like prohibiting access based on IPs or using any HTTP headers with special content, can easily be circumvented.
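
The contrast drawn in the answer above, written as an Azure API Management inbound policy. This is an added example, not part of the original thread; the header name `X-Frontend-Key`, the address range, the issuer URL and the audience are constructed placeholders.

```xml
<!-- Added example: Azure API Management policy for the API in question.
     Issuer URL and audience are placeholders, not values from the thread. -->
<policies>
  <inbound>
    <base />

    <!-- Weak (left disabled): neither check identifies who is calling.
         The header value ships inside the web and mobile apps, so any
         client that has seen their traffic can present the same value,
         and an IP allow-list cannot cover end users on arbitrary networks.

    <check-header name="X-Frontend-Key" failed-check-httpcode="401"
                  failed-check-error-message="Unauthorized" ignore-case="false">
      <value>CONSTRUCTED-STATIC-VALUE</value>
    </check-header>
    <ip-filter action="allow">
      <address-range from="192.0.2.0" to="192.0.2.255" />
    </ip-filter>
    -->

    <!-- Authentication: require a signed, unexpired token issued to a user.
         Signing keys are fetched from the issuer's OpenID Connect metadata. -->
    <validate-jwt header-name="Authorization" require-scheme="Bearer"
                  failed-validation-httpcode="401"
                  failed-validation-error-message="Missing or invalid access token">
      <openid-config url="https://login.example.com/.well-known/openid-configuration" />
      <audiences>
        <audience>api://example-backend</audience>
      </audiences>
    </validate-jwt>
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

With the token check in place, every call is tied to an authenticated user whose access can be rate-limited or revoked.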

