Here I ask about implementing a Laravel API and a Laravel app communicating with each other. Here's how the flow is supposed to be:

The Laravel API side can retrieve all requests from outside that have an account and token, and respond to them. The account creation form requires filling in the web URL from which they want to make requests, and gives them the token.

All requests work if the token is authorized, but it's only using the token.

Is it possible to check where a request comes from, and deny it if the token and URL do not match?

api-laravel.test
data 1 : token = abcde , web_url = laravel-app-1.test

Right now:

laravel-app-1.test -> request url (token: abcde) -> api-laravel.test = response OK
laravel-play.test -> request url (token: abcde) -> api-laravel.test = response OK

What I want is:

laravel-app-1.test -> request url (token: abcde) -> api-laravel.test = response OK
laravel-play.test -> request url (token: abcde) -> api-laravel.test = unauthorized

Any explanation?

  • You can detect with $_SERVER['HTTP_ORIGIN'] or $request->headers->get('origin'); for Laravel. Commented Oct 21, 2023 at 5:49

1 Answer

You could create a Middleware that does this check for you.

  • Check if the token is valid.
  • Check if the host matches the description on the token.
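
One way to write such a middleware, as an added example that is not part of the original answer. The `ApiClient` model, its `token_hash` and `web_url` columns, and the SHA-256 token storage are assumptions. `Origin` and `Referer` are ordinary request headers that any non-browser client can set to any value, and a server-to-server call from another Laravel app sends neither unless the caller adds one, so this check binds a token to a site only for browser-originated traffic.

```php
<?php

namespace App\Http\Middleware;

use App\Models\ApiClient; // hypothetical model with `token_hash` and `web_url` columns
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnsureTokenMatchesOrigin
{
    public function handle(Request $request, Closure $next): Response
    {
        // Step 1: the token must be present and known.
        $token = $request->bearerToken();
        if ($token === null || $token === '') {
            abort(401, 'Missing token.');
        }

        // Assumed storage scheme: only a SHA-256 hash of the token is kept in the database.
        $client = ApiClient::where('token_hash', hash('sha256', $token))->first();
        if ($client === null) {
            abort(401, 'Invalid token.');
        }

        // Step 2: the declared source of the request must match the registered site.
        // Browsers send Origin on cross-site requests; Referer is a weaker fallback.
        $source = $request->headers->get('Origin') ?? $request->headers->get('Referer');
        $host = $source ? parse_url($source, PHP_URL_HOST) : null;

        // Fail closed: a missing, malformed or "null" Origin yields no host and is denied.
        // web_url is assumed to hold a bare host such as "laravel-app-1.test".
        if (!is_string($host) || strcasecmp($host, $client->web_url) !== 0) {
            abort(403, 'Token is not valid for this origin.');
        }

        return $next($request);
    }
}
```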