I would like to know if through Cloudflare we can manage who can make requests to our API. Similar to setting CORS annotations but instead of setting them on the server I would like to do it through Cloudflare.
For example:
WebsiteA.com can make requests to api.websiteA.com
WebsiteB.com can make requests to api.websiteA.com
Anyone from the world cannot make requests to api.websiteA.com
Any tips and tricks are greatly appreciated! Thanks!
There isn’t a good way outside of CORS to block requests. CORS only works for browsers and is designed so that anyone visiting your site can access the resources, but people from other sites cannot. You could add a secret header to all the requests that are being made from your selected sites, but it would be trivial to get that header and make the requests. This is the issue with browsers accessing APIs: your API needs to be globally accessible unless you are limiting countries or are using authentication.
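The distinction drawn in the reply above, as an added example that is not part of the original thread: an origin allowlist only decides which CORS headers a browser receives, while an authentication check decides whether the request is served at all. The origins mirror the question's two sites; the session token, the `handle` function and the plain-object request shape are assumptions made for illustration, not Cloudflare's API.

```javascript
// Added example (not from the thread). Origins mirror the question's sites;
// the session token and handler shape are constructed for illustration.
const ALLOWED_ORIGINS = new Set(["https://websitea.com", "https://websiteb.com"]);
const SESSIONS = new Map([["constructed-session-token", "alice"]]); // token -> user

// CORS decision: only tells a browser whether page script may read the response.
function corsHeaders(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin.toLowerCase())) return {};
  return { "access-control-allow-origin": origin, vary: "Origin" };
}

// Authentication decision: independent of where the request says it came from.
function authenticate(authorization) {
  const m = /^Bearer (\S+)$/.exec(authorization || "");
  return m ? SESSIONS.get(m[1]) || null : null;
}

// req: { method, headers } with lowercase header names.
function handle(req, requireAuth) {
  const headers = corsHeaders(req.headers.origin);
  if (req.method === "OPTIONS") {
    // Preflight: advertise what allowed origins may send; no body.
    if (headers["access-control-allow-origin"]) {
      headers["access-control-allow-methods"] = "GET, POST";
      headers["access-control-allow-headers"] = "Authorization, Content-Type";
    }
    return { status: 204, headers, body: "" };
  }
  const user = authenticate(req.headers.authorization);
  if (requireAuth && !user) return { status: 401, headers, body: "" };
  return { status: 200, headers, body: JSON.stringify({ user, data: "ok" }) };
}

// Constructed requests: allowed site, another site, a client sending no
// Origin header, and an authenticated client.
const samples = [
  { method: "GET", headers: { origin: "https://websitea.com" } },
  { method: "GET", headers: { origin: "https://elsewhere.example" } },
  { method: "GET", headers: {} },
  { method: "GET", headers: { authorization: "Bearer constructed-session-token" } },
];
for (const requireAuth of [false, true]) {
  for (const req of samples) {
    const res = handle(req, requireAuth);
    console.log(requireAuth, JSON.stringify(req.headers), res.status,
      res.headers["access-control-allow-origin"] || "(no ACAO)");
  }
}
```

With `requireAuth` set to `false`, every sample is answered with a 200 and only the CORS headers differ; with it set to `true`, only the request carrying a valid session token is served.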