I have a custom RESTful API in PHP that I want to consume via multiple clients:
I currently authenticate the user by using a login form that sends credentials to the server, which returns a JWT token.
What I'm not sure about is how to authenticate the client app that will consume the API. For example, how can I identify that the API calls are coming from the CMS? Do I need to implement some sort of client whitelist so that all of the 4 clients below are authorized to consume the API and any other ones are blocked?
I need help, suggestions or links to understand the best solutions to implement such a thing.
Thanks,
Steve
You can simply add the device type during authentication. For a browser it's as simple as getting the user-agent;
for other devices add another parameter that carries the device type. Add that device or user-agent
while encoding the JWT. This is assuming that you have multiple tokens issued for each device separately. If that's not the case, look for user-agent headers and add additional middleware in your app for the same in Android or other apps. Hope this helps
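The approach in the answer above, worked through as an added example (not code from the question or answer; the asker's API is PHP, but the mechanism is the same): at login the server embeds a `client_id` claim in the HS256 JWT, and a middleware step checks the signature, expiry, an allowlist of known clients, and that the claim matches the client the request presents. The secret key, the allowlist names, and the `presented_client` parameter are assumptions for the example.

```python
import base64, hmac, hashlib, json, time

# Constructed demo values (assumptions): the signing key and the allowlist of clients.
SECRET_KEY = b"replace-with-a-long-random-secret"
ALLOWED_CLIENTS = {"cms", "web", "android", "ios"}

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(user_id: str, client_id: str, ttl: int = 3600) -> str:
    """Login step: sign a JWT that records which client the user logged in from."""
    if client_id not in ALLOWED_CLIENTS:
        raise ValueError(f"unknown client: {client_id}")
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": user_id, "client_id": client_id,
                                        "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_request(token: str, presented_client: str) -> dict:
    """Middleware step: presented_client is the device type parameter (or a value
    derived from the user-agent) sent with the API call. Returns the claims or raises."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    expected = hmac.new(SECRET_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    # Constant-time comparison so signature checking does not leak timing information.
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise PermissionError("bad signature")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise PermissionError("unexpected alg")  # never trust the token's own alg choice
    claims = json.loads(b64url_decode(payload))
    if claims.get("exp", 0) < time.time():
        raise PermissionError("token expired")
    if claims.get("client_id") not in ALLOWED_CLIENTS:
        raise PermissionError("client not on the allowlist")
    if claims["client_id"] != presented_client:
        raise PermissionError("token was issued to a different client")
    return claims
```

The presented client identifier (user-agent or an explicit parameter) is chosen by the caller, so this check tells you which client a token was issued for and keeps tokens from being reused across clients; it does not by itself prove which software made the request.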