I'm new to API building, but have made some simple serverless stuff to try it out.
My question is this:
Can I build an API that doesn't authenticate the fetcher with a token, but rather with the requests origin?
Here's an example: A request comes in from wwww.example.com to my API. The script checks wether example.com is a paying customer or not and if it is, then it sends back the requested content.
Can this be done somehow? Is this not safe enough? Is it not possible to do with HTTP requests? Why hasn't this been done yet?
Thank you for taking the time to read my question.
question from:
https://stackoverflow.com/questions/65835666/making-an-api-without-authentication-can-i-use-the-request-origins-url 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
