How do I catch the request url / domain in my REST api?

php api url rest dns
10,044

Solution 1

In Internet every address could be faked (VPN, proxies etc). It's one of fundamental principles of the network.

You will never could detect with 100% warranty, so the maximum what You could have is $_SERVER['HTTP_REFERER'] and $_SERVER['REMOTE_ADDR'].

You could make additional verification for it's existence before to save/process it, but it could cost some additional performance of Your server.

If Your aim is to provide some additional access rules to some methods / data, You should use an other verification mechanism (tokens, passwords etc).

Solution 2

print_r($_SERVER);

may be it'll useful for you

Solution 3

It sounds as though you're looking for the HTTP referer, accessible in PHP through $_SERVER['HTTP_REFERER'].

Solution 4

As far as I know, there are no reliable ways to determinate the domain where a request comes from. Maybe you could check the client's IP address and/or the HTTP referer and match it to a set of domains,... but that wouldn't be 100% safe in my opinion.

How about implementing an (optional) parameter for your API calls, which has to be the domainname?

Solution 5

I ended up defining a key constant in an external php file that I will deliver to the client within the CMS. (Already have a bunch of constants anyway).

On the server side I put the key in the database and compare these keys on every request. This is not fool proof but I realized I could use the key for other functions aswell and so I implemented it anyway.

Using this combined with various other security checks I found it unnecessary to have to track the request domain. Thanks for the responses guys!

Share:
10,044
JeremyS
Author by

JeremyS

Young Web Developer finishing up a Bachelor in Computer Sciences in Belgium, EU.

Updated on June 16, 2022

Comments

  • JeremyS
    JeremyS almost 2 years

    This may have a simple answer (and I hope it does) but looking online I only found examples of how to get the current URL/Domain. No where could I find how to get that of the incoming http requst.

    My set up is a REST api that handles the typical GET/POST/DELETE/PUT requests. I have to return domain information for clients about the domain they're pulling from. Hence, if a client using my CMS clicks on info, he must receive info about the domain he is logged into (and thus sending the request from).

    I chose not to add code here, seeing as my question pertains less to actual code as it does to methodology. Thanks in advance for any and all answers!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Laravel Api update and delete function
Securing a REST API and Slim Framework
REST API in PHP output to JSON file extension
How can I download/upload images in a REST API?
Is HTTPS protocol relevant for REST API Webservices?
how to call an api via php and get a json file from it
Web services - REST vs PHP JSON RPC
create post wordpress.com using rest api
How to get the domain name without www, subdomain, and com/net/org/etc
API integration in Codeigniter application