[FIXED] Securing an API from other web apps

Issue

I have a React web application using the Flask API (previously used Express). The product of this app is the data displayed. I don’t want other people to be able to call the API and get that data easily.

I want to protect my API so that only my React app can access it. How can I do that?

Solution

First, if your client code and API server are running on different domains or ports, configure CORS on your API server to only honor requests that originate from the client code’s domain. Second, authenticate legitimate users so that only authorized requests for data are honored. There are lots of 3rd-party libraries to help with authentication.

Answered By – Ross Hunter

Answer Checked By – Candace Johnson (Easybugfix Volunteer)
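The two controls from the answer above, as an added example that is not part of the original answer: a standard-library WSGI guard that applies an exact-match CORS allowlist and requires a bearer token, in place of the third-party libraries the answer mentions. The origin `https://app.example.com`, the placeholder signing key, the HMAC token format and every function name here are assumptions for illustration.

```python
import hashlib
import hmac
import time

ALLOWED_ORIGINS = {"https://app.example.com"}  # assumed origin of the React app
SECRET = b"placeholder-load-from-server-config"  # placeholder signing key

def _sign(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def issue_token(user, ttl=900, now=None):  # call only after the login check succeeds
    body = f"{user}.{int((time.time() if now is None else now) + ttl)}"
    return f"{body}.{_sign(body)}"

def verify_token(token, now=None):  # user name if signed and unexpired, else None
    body, _, sig = token.rpartition(".")
    user, _, exp = body.rpartition(".")
    valid = hmac.compare_digest(sig.encode(), _sign(body).encode())
    return user if valid and exp.isdigit() and int(exp) > (now or time.time()) else None

class ApiGuard:
    """WSGI middleware; with Flask: app.wsgi_app = ApiGuard(app.wsgi_app)."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        ok = environ.get("HTTP_ORIGIN") in ALLOWED_ORIGINS  # exact match, never "*"
        cors = [("Access-Control-Allow-Origin", environ["HTTP_ORIGIN"]), ("Vary", "Origin"),
                ("Access-Control-Allow-Headers", "Authorization")] if ok else []
        if environ["REQUEST_METHOD"] == "OPTIONS":  # CORS preflight carries no token
            start_response("204 No Content", cors)
            return [b""]
        # CORS binds browsers only; the token check is what covers other clients.
        auth = environ.get("HTTP_AUTHORIZATION", "")
        user = verify_token(auth[7:]) if auth.startswith("Bearer ") else None
        if user is None:
            start_response("401 Unauthorized", cors + [("WWW-Authenticate", "Bearer")])
            return [b""]
        environ["api.user"] = user
        return self.app(environ, lambda s, h, e=None: start_response(s, list(h) + cors, e))

def demo(method, origin=None, token=None):  # one constructed request -> (status, headers)
    def data_app(environ, start_response):  # stand-in for the Flask app
        start_response("200 OK", [("Content-Type", "application/json")])
        return [b"{}"]
    environ = {"REQUEST_METHOD": method, "HTTP_ORIGIN": origin,
               "HTTP_AUTHORIZATION": f"Bearer {token}" if token else ""}
    seen = []
    ApiGuard(data_app)(environ, lambda s, h, e=None: seen.append((s, dict(h))))
    return seen[0]
```

A request from an origin outside the allowlist that presents a valid token still gets the data, only without the `Access-Control-Allow-Origin` header, so a browser on another site cannot read the response while the token remains the control for every non-browser client.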
