I would like to ask if it is possible to prevent BAD users from doing many queries to my RESTful web API. Here is my situation:
My client app makes a query to the web API. This query consists of the EAN code of a product. The server replies with product parameters and other product information. Now, what I am trying to prevent is my competitor (BAD user) stealing precious data which I needed to gather manually. The problem is that the BAD user has the list of all the EAN codes and can do automatic queries to get all the data from my API.
Throttle them so they can only request x times per IP/per minute... perhaps by an auth token or API key that end users would have to register for. Or you can just blacklist their IPs altogether if you know them.
Make the API users register themselves and hand out API keys to everyone. The key can be part of the URL if you like. That way, you can track which users are doing what, and have usage limits if you want.
Sure, you need to apply security to your APIs. Don't allow anonymous access to your resources or APIs and make sure that only your "good" clients have the permissions to call them. HTTPS basic authentication along with SSL encryption at the transport layer would do the trick, or have them specify a secret client key as part of the request.
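The suggestions in the answers above (no anonymous access, a per-minute throttle, a usage limit per registered key) combined into one gate, as an added example that is not code from any of the posters. The class and function names, the key values, the two limits and the EAN strings are all constructed assumptions.

```python
import time
from collections import defaultdict, deque

# Constructed sample keys; real keys would be issued when a user registers.
API_KEYS = {"key-alice", "key-bob"}
MAX_PER_MINUTE = 5       # assumed throttle: requests per key per 60 s
MAX_DISTINCT_EANS = 8    # assumed usage limit: distinct products per key per day


class ApiGate:
    """Hypothetical gate deciding whether a product lookup is served."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.recent = defaultdict(deque)  # key -> request times, last 60 s
        self.seen = defaultdict(set)      # key -> EANs already served today
        self.day_start = clock()

    def check(self, api_key, ean):
        """Return (http_status, reason) for one lookup request."""
        if api_key not in API_KEYS:
            return 401, "unknown or missing API key"
        now = self.clock()
        if now - self.day_start >= 86400:  # new day: reset every key's quota
            self.seen.clear()
            self.day_start = now
        window = self.recent[api_key]
        while window and now - window[0] >= 60:
            window.popleft()               # drop requests older than 60 s
        if len(window) >= MAX_PER_MINUTE:
            return 429, "rate limit exceeded"
        eans = self.seen[api_key]
        if ean not in eans and len(eans) >= MAX_DISTINCT_EANS:
            return 429, "daily product quota exceeded"
        window.append(now)
        eans.add(ean)                      # repeat lookups cost no quota
        return 200, "ok"


def simulate_bulk_scrape(n_eans=30, seconds_between=1.0):
    """Replay a constructed client walking an EAN list; count outcomes."""
    t = [0.0]
    gate = ApiGate(clock=lambda: t[0])
    counts = defaultdict(int)
    for i in range(n_eans):
        _, reason = gate.check("key-bob", f"400000000{i:04d}")
        counts[reason] += 1
        t[0] += seconds_between
    return dict(counts)
```

The per-minute throttle alone only slows a patient client down; the cap on distinct EANs per key is what bounds how much of the catalogue one registered user can pull in a day.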