This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Defence against CSRF for API's

Posted on 09-25-2020 07:37 AM
sartajsisodiya
New Member
Reply posted on --/--/---- --:-- AM

How we can defence against CSRF attack on the apis which are exposed on the apigee ?

domain level restriction can be added in CORS but what about apis ? any suggestion 

<Header name="Access-Control-Allow-Origin">allowed-domain-only</Header>
0 3 485
Topic Labels
0 Likes
Reply
3 REPLIES 3

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

You can verify the origin header in request side.

0 Likes
Reply

Posted on --/--/---- --:-- AM
sartajsisodiya
New Member
In response to
Reply posted on --/--/---- --:-- AM

I am looking some other suggestion for API's, we are already covering that and same highlighted in the question itself

0 Likes
Reply

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Ok, then try cookies cleared for each request and resubmit the cookies again.

0 Likes
Reply