0
Guys is the following I have a method post that the guy makes money for it, last night the guys hacked all the money from the site with the Postman program by sending the points to him by the program’s method post, Is there any way to protect that data so that no one can do that? Or block the page so that only the server contains access to it?
You are using api on your system?
– Marlysson
I’m not using is pure php
– Diogo Silva
Without knowing the business rule you implemented it gets a little complicated to give some suggestions. But since only the server has access, it could check where the request comes from using the $_SERVER['HTTP_ORIGIN'] , with this validates if it came from your server where the system is. With this, theoretically, only your server could send requests for this functionality.
– Marlysson
@Marlysson that made a mistake for me...
– Diogo Silva
What error? Search what this global var of php means, why it is useful to you, and update the question with your error tried.
– Marlysson