How to restrict access to apigee url with respect to domain

lipigandhi3196 · April 27, 2022, 5:07pm

Hi Team,

Can anyone please help me with my usecase.

I want to restrict the access to the backend if the apigee proxy is requested from different domain.

For example : If the request comes from https://clientA.com to https://myapigee.apigee.net then only the request should pass to target backend. But if the request comes from any other site to apigee, apigee should throw the error.

But I am not sure how can I implement this.

emarcotte · April 27, 2022, 6:09pm

A request policy that raised a fault if referer was set inappropriately might work for you. I would worry if this is intended as a “security” thing that this is a work-around for a missing api key / oauth implementation though…

dchiesa1 · April 28, 2022, 2:17pm

Yes, any client can set the referer , therefore it cannot be used as an authenticated data item. It’s not to be used for security.

Topic		Replies	Views
How to restrict api call based on domain name? Apigee api-runtime	22	19	June 16, 2015
Lock Apikey to domain via referrer Apigee apigee-general	1	1	June 20, 2019
AccessPolicy apigee whitelist Integration Services application-integration , integration-connectors	2	0	January 9, 2025

How to restrict access to apigee url with respect to domain

AI Suggested topics