https://www.cloudflare.com/application-services/products/turnstile/
Cloudflare Turnstile is a CAPTCHA alternative. The idea is to use it as a way to make sure that our APIs that are meant to serve the app are indeed called from our app, and let CF detect bot activity.
At first we should integrate it and pass the indication to our Cloudflare Functions - and to check it there. This will help protecting our proxied APIs such as Dex Aggregator.
We can also consider doing it in the carbon backend - in APIs that are only supposed to serve the app and we don't want DDOS'd.
Lastly, need to consider what to do with licensees (how to let them use Dex Aggregator but still protect it somehow).
client side code:
https://developers.cloudflare.com/turnstile/get-started/client-side-rendering/
server side validation:
https://developers.cloudflare.com/turnstile/get-started/server-side-validation/
Site key and Secret key to be provided separately
https://www.cloudflare.com/application-services/products/turnstile/
Cloudflare Turnstile is a CAPTCHA alternative. The idea is to use it as a way to make sure that our APIs that are meant to serve the app are indeed called from our app, and let CF detect bot activity.
At first we should integrate it and pass the indication to our Cloudflare Functions - and to check it there. This will help protecting our proxied APIs such as Dex Aggregator.
We can also consider doing it in the carbon backend - in APIs that are only supposed to serve the app and we don't want DDOS'd.
Lastly, need to consider what to do with licensees (how to let them use Dex Aggregator but still protect it somehow).
client side code:
https://developers.cloudflare.com/turnstile/get-started/client-side-rendering/
server side validation:
https://developers.cloudflare.com/turnstile/get-started/server-side-validation/
Site key and Secret key to be provided separately