I'm working on a chat web application for practice and want to level up my skills. My frontend sends messages to an API endpoint through commands like fetch("/send_message"). I'm worried that someone could replicate this and spam my API. What techniques can I implement to prevent this from happening?
2 Answers
To tackle spam, you could start by requiring users to authenticate themselves before sending messages. This way, you'll have a consistent identifier for users. It’s also smart to implement a captcha to block bots at login. Don't forget to set up rate limits on messages by IP and user. If you're feeling ambitious, you could even use an anti-spam service to analyze each message, track spam scores, and tighten limits accordingly. Additionally, keep an eye on users who are in multiple channels or sending many direct messages, as these could be signs of spamming.
Consider implementing a custom authentication method that’s unique to your service. This adds a layer of security against API misuse. Some users might have downvoted the idea, but it's genuinely a valuable approach to prevent unauthorized access.
I appreciate the input! But I wonder how much this method actually helps since people can just open their developer tools and see the code.