I can not find any information about Cloudflare Browser Insights on the API documentation.
https://support.cloudflare.com/hc/en-us/articles/360033929991-Cloudflare-Browser-Insights#5tDRl4LGok5jnHLGwuSww5
How can I disable it programatically?
Related
is it possible to disable Apache LDAP Auth for API resources, so it is still needed for the browser but not for any kind of REST API requests?
Or maybe bypassing it when requests come from specific networks?
Thanks
The only way I found to work around this is by whitelisting the network in the Apache LDAP Auth from which the API requests are done.
I have hosted a S3 static site into CloudFront. That site using rest api deployed into api gateway. API gateway has not access control.
I want to protect my api from being accessed by others. Only my static site can access it. I know I can use api key but that could expose by browser console which is not expected.
Is there other way to control my api access?
Thanks in advance
I have a similar issue as well. It seems like using referer or CORS restrictions are the best way to go. However, in practice I haven't been able to make it work after trying both CORS and referer restrictions. API Gateway has automatic protection against malicious behavior like DDOS attacks according to their FAQs, but it is disheartening that I haven't found a specific solution for protecting my API gateway that is only used for my S3/Cloudfront static site.
Google Cloud allows you to use their API keys on the frontend for integrations with services like Google Maps. The way they protect those keys is through restricting the API keys to certain domains. Unfortunately, I haven't found similar functionality for AWS keys. As you know, the only way to throttle or put quotas on API gateway is through API keys, so it looks like this would be useless for a static site that can't expose those API keys publicly on the frontend.
It defeats the whole purpose of going completely serverless if I am unable to configure my serverless API Gateway the same way I could congfigure a normal backend EC2 server. For now, I've created billing alarms so I don't get surprised with a huge AWS bill if something goes wrong with my unprotected API gateway.
I am starting to develop a web service and I want to enable login with google using their oAuth2. However, when I started reading the requirements I see that I need to authorize my domain and use https. I am in the very initial steps and I still don't have the domain setup and no certificate yet.
Is there any way to test google integrated into my site without all this? only for development phase?
Thank you
I have designed a Apigee TO-GO console I want it to be accessed only from my server is it possible. I gone through Apigee control policy but unable to understand how to achieve that. Here is link of Apigee access control policy.
http://apigee.com/docs/api-services/reference/access-control-policy.
It is not possible to make To-Go Console's URL private. Also it cannot be accessed by everyone unless you share the actual URL. The policy you are looking at refers to the APIs configured in the 'API Management' and has nothing to do with the To-Go Console.
Is basic/digest auth sufficient for a google chrome extension to authenticate into a web based API? Can someone hack into it? I thought that I dont need OAuth because the API is not a 3rd party API but part of my service (for which I plan to create an API and the Google Chrome extension which will use the API...)