Protecting api/:path*
Unanswered
West African Crocodile posted this in #help-forum
West African CrocodileOP
Hi all, I am using Vercel to deploy nextjs application and my api endpoints are open.
All the api/path are publicly accessible but I want to protect them such that only internal requests from Vercel are allowed and prevent access from postman or other tools.
Appreciate your help. Thanks!
All the api/path are publicly accessible but I want to protect them such that only internal requests from Vercel are allowed and prevent access from postman or other tools.
Appreciate your help. Thanks!
2 Replies
Asian black bear
This technically makes no sense - if you don't want public endpoints move the logic to server-side code using server components for fetching and auth-protected server actions for mutations. In most cases your server code shouldn't fetch itself which is why the need to firewall your API routes is often artificial and indicative of an xy problem.
In all other cases where you want to restrict access for third party apps access your public API you'd use tokens for authentication.