I created the cloud function in Moralis that calls the special API.
But there is no way to validate if the call is correct in the API, so I am going to block all domains except the Moralis cloud function.
If you control the API that is called, you can send it a parameter that validates that it was called from cloud code, like a signature.
You can find more info about the request made from cloud code by logging the information about the request that you make from cloud code, or by using a site like webhook.site in order to see what the request looks like and where it is made from.
Yes, but I am not sure how I can do it.
Btw, can you confirm if it's secured? The signature will be fixed, so if it is stolen, then?
So what I am thinking is that I get the public URL of the cloud function and my API will accept only the request that comes from this cloud function.
What do you mean by public URL of the cloud function?
You can log some requests in your API and see there where the requests are made from; it will probably be an IP, and then you can whitelist that IP.
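The signature idea discussed above, as an added example that is not part of the original thread: instead of a fixed value, the cloud function sends an HMAC over a timestamp plus the request body, so a captured signature stops working once the timestamp goes stale. The function names, the shared secret and the 5-minute window are assumptions for illustration, and the sample values are constructed.

```javascript
// Added example: per-request HMAC signature with a timestamp.
// Hypothetical names throughout; nothing here is a Moralis API.
const crypto = require("crypto");

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed tolerance for clock drift and transit

// Caller side (inside the cloud function): sign "<timestamp>.<body>".
function signRequest(secret, body, timestampMs) {
  const timestamp = String(timestampMs);
  const signature = crypto
    .createHmac("sha256", secret)
    .update(`${timestamp}.${body}`)
    .digest("hex");
  return { timestamp, signature }; // sent alongside the body
}

// API side: reject stale timestamps, then recompute the HMAC and compare
// in constant time so the check does not leak how many bytes matched.
function verifyRequest(secret, body, timestamp, signature, nowMs = Date.now()) {
  const ts = Number(timestamp);
  if (!Number.isFinite(ts) || Math.abs(nowMs - ts) > MAX_SKEW_MS) {
    return { ok: false, reason: "stale-or-invalid-timestamp" };
  }
  const expected = crypto
    .createHmac("sha256", secret)
    .update(`${timestamp}.${body}`)
    .digest();
  const given = Buffer.from(String(signature), "hex");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  return { ok: true, reason: "valid" };
}

// Constructed sample values for a stand-alone run.
const SAMPLE_SECRET = "constructed-shared-secret"; // load from config in real use
const SAMPLE_BODY = JSON.stringify({ action: "mint", user: "alice" });
const SAMPLE_NOW = 1700000000000;

const signed = signRequest(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_NOW);
console.log(verifyRequest(SAMPLE_SECRET, SAMPLE_BODY, signed.timestamp, signed.signature, SAMPLE_NOW + 1000));
console.log(verifyRequest(SAMPLE_SECRET, SAMPLE_BODY, signed.timestamp, signed.signature, SAMPLE_NOW + 10 * 60 * 1000));
```

A replay inside the time window still verifies; closing that gap needs a per-request nonce that the API remembers until the window expires.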