API Access Control

I hosted my database (postgres) and banckend (node ​​+ sequelize) here at Render and managed to do all the configuration and integration, this part is working perfectly. However, I hosted my frontend on another platform (Vercel), and I’m using NextJS, I would like to allow only my website (frontend) to be allowed to make queries within the backend that is in Render. I’ve already tried to configure it using CIDR but the API is still available to anyone who wants to access it. For example https://my-url.onrender.com/users returns all users of my application to anyone who has that URL and I don’t want that to happen, I want only my website to have that access.


I think my colleague has already replied to a similar question you raised as a ticket.

Render doesn’t currently have platform features to restrict public access to Web Services.

So you would need to do add your required restrictions in your code, by whatever means you choose, e.g. IP restriction (True-Client-IP header), keys/tokens, etc.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.