API Security and Multiple Front Ends

How would I go about securing the API so that only pre-approved clients can use it?

Say, my system has several clients: two web applications, two Flutter mobile apps, etc… All these front ends need to use my Adonis API. How do I secure the API so that only these specific applications can use them?

I see some settings I can change for Web clients. But, what about Mobile apps?

Thanks.

How do I secure the API so that only these specific applications can use them?

I am sorry to disagree, but there is no common sense between the criterion you mentioned and web applications security.

On the other hand, I do not think what you are trying to achieve is wise from the UX perspective: Why do you want, for example, to punish the user from accessing your application from this or that client?

Security must never be done at the expense of the user experience.

This is a classic case of Security through obscurity.


Oh no. What I mean is like, how do I go about implementing some kind of API key mechanism so I can control which applications can access my API.

Kind of like how third party APIs require you to register to get an API key to be able to use their APIs.
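A sketch of the per-application API key mechanism asked about above, as an added example that is not part of any post in this thread. It uses only Node.js `crypto` rather than any Adonis API, and the function names, the in-memory registry and the `X-API-Key` header are assumptions. A key shipped inside a web or mobile front end can be read out of that app, so it identifies a client and allows revocation but does not prove the caller is the genuine application.

```javascript
// Added example (not from the thread): per-client API keys stored only as hashes.
const crypto = require("node:crypto");

// Hypothetical in-memory registry, one record per approved front end.
// A real deployment would keep these records in a database.
const clients = new Map();

function sha256(value) {
  return crypto.createHash("sha256").update(value).digest();
}

// Issue a key of the form "<keyId>.<secret>". Only the hash of the secret
// is stored, so a leaked registry does not reveal usable keys.
function issueKey(clientName) {
  const keyId = crypto.randomBytes(8).toString("hex");
  const secret = crypto.randomBytes(32).toString("base64url");
  clients.set(keyId, { clientName, secretHash: sha256(secret), revoked: false });
  return `${keyId}.${secret}`;
}

// Revoke one client's key without affecting the other front ends.
function revokeKey(keyId) {
  const record = clients.get(keyId);
  if (record) record.revoked = true;
}

// Return the client name for a valid, unrevoked key, otherwise null.
function verifyKey(presented) {
  if (typeof presented !== "string") return null;
  const dot = presented.indexOf(".");
  if (dot <= 0) return null;
  const record = clients.get(presented.slice(0, dot));
  if (!record || record.revoked) return null;
  // Both buffers are 32-byte SHA-256 digests, so the constant-time
  // comparison never throws on a length mismatch.
  const candidate = sha256(presented.slice(dot + 1));
  return crypto.timingSafeEqual(candidate, record.secretHash)
    ? record.clientName
    : null;
}

// Framework-neutral request check. The lowercase "x-api-key" header name is
// an assumption; call this from whatever middleware hook the API provides.
function authorizeRequest(headers) {
  const clientName = verifyKey(headers["x-api-key"]);
  return clientName
    ? { status: 200, clientName }
    : { status: 401, clientName: null };
}
```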