I've built a GET Rails API that checks for an access token and that the registered request.env["HTTP_X_REAL_IP"] matches the IP address that is registered within the admin panel of the app.
Example request:
https://staging.mysite.com/api/v1/products?access_token=7b9f3cddd3914a6f45fa692997fe6dc9
The API works great when I'm making requests from a server by curling the request or by making the request on hurl.it.
My question is: what happens if the API request comes from a client vs. a server? I have the rack-cors gem installed but I think that the API would register the user's computer IP vs. the server's IP. Any advice is appreciated.
FWIW: the expected users of the API will likely be using Rails.
As a bonus: if anyone has a recommendation of a service where I can test the API as a client, I would be thankful.
The IP of the client can change frequently and will only show the IP of their ISP, so limiting an API that may get called from the browser by IP might not be a good idea. CORS is related to resources (javascript, fonts, etc.) loaded by the browser over different domains.
If you're referring to testing as in debugging, Chrome has an extension called Postman that you could use for REST API testing. If you're looking for a service that'll test for uptime, Pingdom might be of use?