I'm trying to create a APIcontroller for my Umbraco V8 package. The API is working fine but I only want my backoffice AngularControllers to have access to the API. I wish to create a attribute like described in this answer https://stackoverflow.com/a/30573590/11409365. This way only the localmachine can access the API.
I don't think it's relevant but this is the code in my APIController
public class PackageApiController : UmbracoApiController
{
[HttpGet]
public string GetString()
{
return "Test";
}
}
But where do I add my WebApiConfig class and how do I make sure the ApiController uses this class?
Would it be sufficient to use UmbracoAuthorizedApiController instead of UmbracoApiController? UmbracoAuthorizedApiController requires the caller to be logged into the backoffice.
Have a look here (there's also an option to add an attribute to your UmbracoApiController): https://our.umbraco.com/documentation/reference/routing/webapi/authorization