code-gov-api
code-gov-api copied to clipboard
Add whitelist domains to code-gov-api
Expected Behavior
Our API should only allow a whitelisted domain / IP to make a direct request to it.
Current Behavior
Anybody with the API endpoints can make a direct request.
Possible Solution
Add a whitelist of domains/IP to our CORS configuration.
Steps to Reproduce (for bugs)
This is not a bug
Context
We want to use api.data.gov as our API gateway. One of the major goals with this is having usage data for the API. The only way this will really work is if we limit the access of the API to the website and api.data.gov.