Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

API endpoint and API calls from Localhost - security?

  • 0
  • Self Hosted
  • Web
  • Cloud
View on Discord
doctorBoBo
27 Aug, 2024, 08:06

In the docs for Custom Domain (https://appwrite.io/docs/advanced/platform/custom-domains#endpoint) it is stated that "By default, Appwrite only allows API calls from localhost, appwrite.io, and your project's default custom domains. " My appwrite is on a VPS and I can make API calls both from the front end that runs on my domain and the front end from my localhost. Perhaps a noob question: but how can Appwrite know that my localhost is the legitimate one and someone else making API calls from another locahost is not? I don't remember uniquely authenticating my localhost towards my appwrite instance. Or is there some magic happening in the background that I am not aware of? And if any localhost can make API calls to my appwrite: how do I close this security hole?

TL;DR
Appwrite only allows API calls from specific locations like localhost and appwrite.io by default. If you want to restrict API calls from your localhost, you need to either set up unique authentication for your localhost or add additional security measures in your app.
Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more