
How to prevent users from making API calls outside of the website?

What I’m trying to achieve is simple: Users can trigger API calls on the website (either by clicking on a button or simply being on the page), but they can’t make the API call outside of the website using Postman or something like that. But now, they can. I hope the problem is clear. If it’s not, I’ll show you how you can make this API call, which should be invalid, too.

But first, this is my setup:

The authorization key is set for the API, good. I can fetch the data. Here comes the problem:

This is the network tab. You see those API calls? Those are “Get Live Matchesx” API calls, and these calls should only be valid when you provide the key in the header. And I did, look at the first picture.

And…
If you make a POST call to this: https://csgoracle.com/apiservice/doapicallfromserver
With this content, you can make this API call too, without even opening the website! HOW?!

The content:
{
  "timezone_string": "Europe/Berlin",
  "service_name": "apiconnector2",
  "call_name": "cmNDi.cmNNg",
  "prev": null,
  "properties": {
    "provider": "apiconnector2.cmNDi.cmNNg",
    "headers_Date": "2023-01-25T20:25:46.813Z"
  },
  "authentication": null,
  "call_location": {
    "_raw": {
      "%p": {
        "provider": "apiconnector2.cmNDi.cmNNg",
        "headers_Date": {
          "%e": {
            "0": {
              "%n": {
                "%p": {
                  "%ft": "iso_date"
                },
                "%x": "Message",
                "%nm": "format_date"
              },
              "%p": {
                "%nm": "Current Date/Time"
              },
              "%x": "PageData"
            },
            "1": ""
          },
          "%x": "TextExpression"
        }
      },
      "%x": "GetDataFromAPI"
    },
    "current_eval_node": "%p3.cmNTJ.%wf.cmNNX.actions.0"
  },
  "serialized_context": {
    "client_state": {
      "element_instances": {
        "cmNqR": {
          "dehydrated": "1348695171700984260__LOOKUP__ElementInstance::cmNqR",
          "parent_element_id": "cmNRV"
        },
        "cmNRV": {
          "dehydrated": "1348695171700984260__LOOKUP__ElementInstance::cmNRV",
          "parent_element_id": null
        }
      },
      "element_state": {},
      "other_data": {
        "Current Page Scroll Position": 0,
        "Current Page Width": 853
      },
      "cache": {
        "CurrentUser": "1348695171700984260__LOOKUP__1674598002545x534022809659739900",
        "7c8fed93dc301754d7acb30fe242eade": true,
        "4be6ea02c89f7b9ca092a0d7d3c15ecf": "2023-01-25T20:25:46.813Z"
      },
      "exists": {
        "CurrentUser": true,
        "7c8fed93dc301754d7acb30fe242eade": true,
        "4be6ea02c89f7b9ca092a0d7d3c15ecf": true
      }
    },
    "element_id": "cmNRV",
    "uid_generator": {
      "timestamp": 1674678346760,
      "seed": 267177814501306180
    },
    "random_seed": 0.7501821255937806,
    "current_date_time": 1674678346813,
    "timezone_offset": -60,
    "timezone_string": "Europe/Berlin",
    "inputs_must_be_valid": true,
    "current_wf_params": {}
  },
  "page_load_time": 1674677490983,
  "app_last_change": "12446245534",
  "ret_properties": true
}
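Added example, not part of the original post and not the platform's own code: a sketch of why a replayed request like the one above succeeds and what a server-side gate in front of such a call looks like. It assumes the endpoint is a server-side proxy that attaches the upstream key itself; the function names, session-token format, secrets and rate limit are all hypothetical.

```python
import hashlib
import hmac
import time

UPSTREAM_KEY = "constructed-upstream-key"      # stays on the server, never sent to the browser
SESSION_SECRET = b"constructed-session-secret"  # hypothetical server-only signing secret
MAX_CALLS_PER_MINUTE = 5                        # hypothetical per-user limit
_calls = {}                                     # user id -> timestamps of recent calls

# Constructed body, reduced to three fields of the payload shown in the post.
REPLAYED_BODY = {"service_name": "apiconnector2", "call_name": "cmNDi.cmNNg", "authentication": None}

def _mac(user_id):
    return hmac.new(SESSION_SECRET, user_id.encode(), hashlib.sha256).hexdigest()

def sign_session(user_id):
    """Token the server issues to a logged-in user (hypothetical format: id.mac)."""
    return f"{user_id}.{_mac(user_id)}"

def verify_session(token):
    if not token or "." not in token:
        return None
    user_id, mac = token.rsplit(".", 1)
    return user_id if hmac.compare_digest(mac, _mac(user_id)) else None

def open_proxy(body):
    """Assumed current behaviour: the server adds the key for any caller, browser or not."""
    return {"status": 200, "upstream_headers": {"Authorization": UPSTREAM_KEY}}

def gated_proxy(body, session_token, now=None):
    """Same proxy, but the call is tied to a verified session and rate limited per user."""
    now = time.time() if now is None else now
    user = verify_session(session_token)
    if user is None:
        return {"status": 401}              # no valid session: request is refused
    recent = [t for t in _calls.get(user, []) if now - t < 60]
    _calls[user] = recent
    if len(recent) >= MAX_CALLS_PER_MINUTE:
        return {"status": 429}              # logged-in user, but over the limit
    recent.append(now)
    return {"status": 200, "upstream_headers": {"Authorization": UPSTREAM_KEY}}
```

The server cannot tell a browser from any other HTTP client, so the gate checks who is calling and how often rather than where the request came from.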