I have an Ionic APP that connect to my api in Node.js. In node.js I set the cors to receive connections from localhost, capacitor: // localhost (iOS) or http: // localhost (Android), the problem is that every app can use my API from localhost because cors configuration is available for all localhost. My question is, How I can do to allow connections in my api only from my Ionic app?
For example, if we have a Ionic App named X that use an API in Node.js to login users, and in this node.js server the cors allow connections from localhost, so if another person create a new App named X2, this App can use the same api to login users, and this is a security risk. I need allow connections only from my Ionic APP.
Is possible to get the appId(capacitor config) when node.js received a call from the api?