I'm looking for a way to prevent clients from accessing my REST API for ticket purchasing, especially those that use automated methods to resell tickets at higher prices. Has anyone developed a solution for this, or do you have any suggestions on how to verify that a request is coming from a legitimate app?
2 Answers
This question comes up a lot! The reality is that anything you implement can potentially be spoofed by someone with enough motivation. For example, if your app indicates it's a specific version, someone could easily pretend to be that version. While stopgap measures exist, they can often be bypassed. Instead of just blocking clients, I'd suggest you clarify what you're specifically trying to prevent. Understanding your goal might lead to more effective solutions.
I've tackled a similar issue before. One effective method we used was implementing an HTTP client certificate challenge. This, in combination with enterprise security software and strict admin controls, helped prevent users from easily accessing or replicating the required certificate. However, if you don't have full control over your client devices, it becomes much tougher to prevent unwanted access.
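
The client certificate challenge mentioned in the second answer, sketched as an nginx configuration. This is an added example, not part of the original answers; nginx as the TLS front end, the host name, the file paths, the backend address and the `X-Client-*` header names are all assumptions made for illustration.

```nginx
server {
    listen 443 ssl;
    server_name tickets.example.com;               # placeholder host name

    # Server's own certificate (placeholder paths).
    ssl_certificate     /etc/nginx/tls/server.pem;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # CA that issues the app's client certificates (placeholder path).
    ssl_client_certificate /etc/nginx/tls/app-clients-ca.pem;
    ssl_verify_depth 1;

    # Revocation list, so a certificate known to have been copied off a
    # device can be cut off without reissuing all the others.
    ssl_crl /etc/nginx/tls/app-clients.crl;

    # Weak setting: "optional" completes the handshake even when no
    # certificate is presented, so every location must then check
    # $ssl_client_verify itself.
    # ssl_verify_client optional;

    # Corrected setting: a request without a certificate that chains to
    # the CA above never reaches the backend (nginx answers 400).
    ssl_verify_client on;

    location /api/ {
        # Pass the verified identity to the backend. proxy_set_header
        # replaces any header of the same name sent by the client, so
        # these values cannot be supplied from outside.
        proxy_set_header X-Client-DN          $ssl_client_s_dn;
        proxy_set_header X-Client-Fingerprint $ssl_client_fingerprint;
        proxy_set_header X-Client-Verify      $ssl_client_verify;
        proxy_pass http://127.0.0.1:8080;          # assumed backend address
    }
}
```

As the answer notes, this only holds as long as the private key stays on devices you control; the fingerprint header gives the backend a per-certificate identifier to log and to match against revocations.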
