Hi All,
I'm using the OAuth-Password grant type. Once my client secret and client id are validated, I'm calling a service callout (/ValidatePin) to validate the username and password from the server side, which is working fine.
My question is how can I restrict the /ValidatePin call directly, say http://osa-staging.osapi.com/ValidatePin; it should be only accessible through service callout.
It can be as simple as sending a secret (random 32 bit id) as queryparam or header from service callout & validating it in /ValidatePin conditional flow so that only a service callout which sends the id can make an API call.
Hope it helps.
--------------------------------------------------------------
Anil Sagar
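The check described in the answer above, as an added example that is not part of the original posts: the /ValidatePin side accepts a request only when it carries the shared secret in a header. The header name, the secret value and the plain-object shape of `headers` are assumptions; a header is used rather than a query parameter because query strings are commonly written to access logs.

```javascript
// Added example: gate for the /ValidatePin flow (not code from the thread).
// Header name and secret are constructed; both are assumptions.
const CALLOUT_HEADER = "x-callout-secret";
const SAMPLE_SECRET = "constructed-example-secret-0001";

// Compare without returning at the first mismatch, so response timing
// does not show how many leading characters of a guess were right.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    // charCodeAt() is NaN past the end of a string; "| 0" turns that into 0.
    diff |= (a.charCodeAt(i) | 0) ^ (b.charCodeAt(i) | 0);
  }
  return diff === 0;
}

// headers: plain object of request headers (assumed shape).
// expectedSecret: the value the service callout is configured to send.
function authorizeCallout(headers, expectedSecret) {
  if (typeof expectedSecret !== "string" || expectedSecret.length === 0) {
    // Fail closed when the secret is not configured at all.
    return { allowed: false, status: 500, reason: "secret not configured" };
  }
  let presented;
  let count = 0;
  for (const name of Object.keys(headers || {})) {
    if (name.toLowerCase() === CALLOUT_HEADER) { // header names are case-insensitive
      presented = headers[name];
      count++;
    }
  }
  // A direct call to /ValidatePin arrives without the header.
  if (count !== 1 || typeof presented !== "string") {
    return { allowed: false, status: 401, reason: "missing or repeated header" };
  }
  if (!constantTimeEqual(presented, expectedSecret)) {
    return { allowed: false, status: 401, reason: "secret mismatch" };
  }
  return { allowed: true, status: 200, reason: "service callout" };
}

// Constructed requests: one from the callout, one sent directly.
console.log(authorizeCallout({ "X-Callout-Secret": SAMPLE_SECRET }, SAMPLE_SECRET));
console.log(authorizeCallout({ "Content-Type": "application/json" }, SAMPLE_SECRET));
```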
@Anil Sagar Thanks for your input!