I searched and could not find a solution to the following problem:
How do I control requests on a particular REST service?
For example, if I have a blog where I access my services (insert post, remove post, update post, for example) as follows: localhost:80/post/insert/id=1 via the application, and if I type this in the browser without making a request via the application, I will perform the insertion the same way. My question is:
How can I ensure that my REST services will only respond to my application?
Is it recommended/feasible to send the token in the Authorization header? And why also send the user? In addition to the possibility of limiting the number of calls to the service by the same user, as suggested in the other reply, is there some other reason? – Piovezan