code-gov-api icon indicating copy to clipboard operation
code-gov-api copied to clipboard

Published 20 hours ago verified publisher icon GSA

Add whitelist domains to code-gov-api

Open froi opened this issue 6 years ago • 0 comments

Expected Behavior

Our API should only allow a whitelisted domain / IP to make a direct request to it.

Current Behavior

Anybody with the API endpoints can make a direct request.

Possible Solution

Add a whitelist of domains/IP to our CORS configuration.

Steps to Reproduce (for bugs)

This is not a bug

Context

We want to use api.data.gov as our API gateway. One of the major goals with this is having usage data for the API. The only way this will really work is if we limit the access of the API to the website and api.data.gov.

froi avatar Dec 18 '17 15:12 froi