Laravel API, communication between two web domain (main <- other). only accept for specific domain that allowed to requesst

Question

Here I ask for implementation laravel API and Laravel APP communicating each other. Here's how the flow supposed to be:

Laravel API side, can retrieve all request from outside that had account and token and response it. In account create form, required to fill web URL from where they want to request and give'em the token.

All request worked if the token is authorized. but it's only using token.

It's possible to check from where request come from, and deny it if token and URL is not match?

api-laravel.test
data 1 : token = abcde , web_url = laravel-app-1.test

from now:

laravel-app-1.test -> request url (token: abcde) -> api-laravel.test = response OK
laravel-play.test -> request url (token: abcde) -> api-laravel.test = response OK

I want is like:

laravel-app-1.test -> request url (token: abcde) -> api-laravel.test = response OK
laravel-play.test -> request url (token: abcde) -> api-laravel.test = unauthorized

Any explanation..

Answer 1

You could create a Middleware that does this check for you.

• Check if Token is valid.
• check if host matches the descritpion on the token.