Only allow update call from frontend canister

I am inspecting the caller in the backend canister ic_cdk::api::caller() and try to only allow the frontend canister to make update call. But I found out the caller is always 2vxsx-fae (anonymous).

I don’t want anyone to call the update call directly using canlista or http, but only through frontend. Is there a good way to do this?

This is related but seems there was no good solution back then

1 Like

Bump for visibility!

This is still the state of the art, and I don’t see this changing any time soon

1 Like