Let only my domain access my api

Is it possible to use cloudflare through a firewall rule to only allow my domain to access my api? Basically, any other domain or person would be blocked. Only my website could make requests. Is this possible? Both are being proxied on cloduflare’s network.

The only way to truly protect access to your APIs to authorized clients is to implement an authentication system and ensure that people have valid credentials.

However if you want to ensure that only your website can access the API and still have it open then you can implement Cross-Origin Resource Sharing (CORS) which browsers use to indicate whether a specific webpage should be able to call your API, be warned though it can be disabled by clients and is there primarily for security of the users, not your API.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.