How to prevent users from using the interface badly?

I am using ecdsa API to develop a dapp, as the update call will spend cycles, so any method to protect the call? and how to confirm my ECDSA private key is controlled by a canister

#[update]
async fn sign(message: String) -> Result<SignatureReply, String> {
    // todo check proof

    let request = SignWithECDSA {
        message_hash: sha256(&message).to_vec(),
        derivation_path: vec![],
        key_id: EcdsaKeyIds::ProductionKey1.to_key_id(),
    };

    let (response,): (SignWithECDSAReply,) = ic_cdk::api::call::call_with_payment(
        mgmt_canister_id(),
        "sign_with_ecdsa",
        (request,),
        25_000_000_000,
    )
    .await
    .map_err(|e| format!("sign_with_ecdsa failed {}", e.1))?;

    Ok(SignatureReply {
        signature_hex: hex::encode(&response.signature),
    })
}

so any method to protect the call?

You could filter the call based on the caller’s principal, or also require the caller to send you cycles (in motoko with ExperimentalCycles | Internet Computer, you should have an equivalent in rust)

and how to confirm my ECDSA private key is controlled by a canister

Not sure what you mean by that. By design the signature is based on your canister id, so only that canister can sign it this way. At least that’s my understanding.

This is forum page? It doesn’t run on ICP.