
How to handle exposing an API that is consumed by client-side code on a website.


Posting this on behalf of a customer.

We are helping a team design an API that will expose store stock position. For example, this would enable a consumer to search for a product within a location to see if the item is in stock. The same API would be used by all consumers: desktop web, mobile web, mobile native apps and third parties. The current thinking is to have the API accessible by the front-end code base, and it would be called by JavaScript. We would use a key to identify the consumer, and this would have a high quota for mobile web or desktop web due to the potential number of users. However, it would be relatively easy to go through our front-end code and retrieve this key. This would enable someone to either aggressively attack or crawl this endpoint.

Are there any design patterns, guidelines or recommendations for exposing this kind of API?

--SF913450--
