Discussion on: What I Learned This Week: Next.js and API Keys

Mary White

I think this new endpoint can still be called from anywhere, maybe consider adding CORS. This will only stop browser calls though. That endpoint may also be susceptible to bots blasting it.
Maybe consider using something like KOR Connect? I have been using them as a middleware tool to secure my API Keys then placing the public URL that's created into my code. This seems to be a 2 birds with one stone kind of situation, as my API secrets are not exposed in my repo nor on my frontend. I find this tool to work really well for my projects where I need to secure a private API Key, don't want user authentication, and want to get it done quickly. They claim to also prevent bot attacks and prevent non-origin calls. It's also free, which is a bonus. Here is a blog I found this weekend and followed: dev.to/korconnect/secure-api-keys-...

I found this to help me out a lot so I am putting it up on an old blog post, in the hopes that it might help others looking in the future.

Happy coding!
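An added example (not part of the comment above or of the original post) of the two controls it raises for a Next.js-style API route: an Origin allow-list, which only constrains browsers, and a per-client rate limit, which also covers callers that send no Origin header. The allowed origin, the limits, the upstream URL and the `API_KEY` variable name are assumptions.

```javascript
// Constructed values for illustration; none of these come from the post.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
const WINDOW_MS = 60000; // rate-limit window
const MAX_REQUESTS = 5;  // requests allowed per client per window
const hits = new Map();  // client key -> timestamps of recent requests

// Sliding-window limiter: true while the client is under the limit.
function underLimit(clientKey, now) {
  const recent = (hits.get(clientKey) || []).filter((t) => now - t < WINDOW_MS);
  const allowed = recent.length < MAX_REQUESTS;
  if (allowed) recent.push(now);
  hits.set(clientKey, recent);
  return allowed;
}

// Pure decision step so it can be tested without an HTTP server.
function decide(origin, clientKey, now) {
  const headers = {};
  if (origin) {
    // Browsers attach Origin to cross-origin requests; refuse unlisted sites.
    if (!ALLOWED_ORIGINS.has(origin)) {
      return { status: 403, headers, error: "origin not allowed" };
    }
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Vary"] = "Origin";
  }
  // No Origin header means same-origin or a non-browser client (script, bot).
  // CORS does nothing for those, so the rate limit applies to every caller.
  if (!underLimit(clientKey, now)) {
    headers["Retry-After"] = String(WINDOW_MS / 1000);
    return { status: 429, headers, error: "rate limit exceeded" };
  }
  return { status: 200, headers };
}

// Handler in the shape of a Next.js API route (req, res).
async function handler(req, res) {
  // Behind a proxy this is the proxy's address; use the platform's client IP.
  const d = decide(req.headers.origin, req.socket.remoteAddress, Date.now());
  for (const [k, v] of Object.entries(d.headers)) res.setHeader(k, v);
  if (d.status !== 200) return res.status(d.status).json({ error: d.error });
  // Hypothetical upstream call; the key stays in a server-side env variable.
  const upstream = await fetch("https://api.example.com/data", {
    headers: { Authorization: `Bearer ${process.env.API_KEY}` },
  });
  return res.status(upstream.status).json(await upstream.json());
}
```

The in-memory `Map` is per process, so on serverless or multi-instance deployments the counter needs a shared store to be effective.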

Desiree Lerma

Hi Mary! Thank you for the advice and the blog post to follow! It is greatly appreciated. I'll look into it further!