#Securing my api in laravel

help guys i have an api i dont want users to see the api is a get method and if anyone types it in the browser it will display my json, i am using the api for my app so how do i make only my app can fech from the api? thank you.

what are you exposing it for ?

But middleware and apache/nginx config protection atleast

protect the api with auth and limit access in cors conf?

like all this stuff is explained in detail in the documentation, please take some time and effort in reading it through first.

Hello. This is a little confusing because your json will be passed between the layers of your application. I don't know how your api is structured but you hide sensitive fields in your json so that they are not shown in the 'get' method. There is more than one way to do it and I will mention two. The first is to create a private 'hidden' attribute in your model, placing all the fields you want to hide within the array.
The other way is, when querying the DB, select only the desired columns.

If you mean that you want to block authenticated users from firing the same requests as your app does in another way (e.g. copy URL), you essentially can't and shouldn't mess with it. The same-origin policy and correctly configured CORS settings will be enough.

If you mean you want to prevent the API from being used unauthenticated, look at the docs for auth.

You could configure your frontend to always pass a specific header, and require your app to refuse requests lacking that, but of course that can easily be reverse-engineered

i see thank you

thats exactly my issue

was just worried some one can debug my app and see it in the file

No I mean, why do you have an API endpoint exposing this data

because my app needs the data

what app is it ?

some purchase app i usually sell stuffs like airtime in it

is the app a web app or a phone / desktop app? is it a public app or a private app?

phone app

then you can't rely on this

because user can MITM their own phone by proxying connection through something like burp

what data is it

a json data of all the prices of my products

wait why is this data so sensitive you don't want it exposing

i dont know the mind of a hacker so i feel it might be relevant to them

well do you have any reason to hide the prices?

when someone purchases something, they don't send u the price do they?

you are calculating this at server yah ?

But yeah, if the users device is making a request to your server, and your server responds with data

That data will always be visible and you should never transmit anything sensitive