Only allow update call from frontend canister

I am inspecting the caller in the backend canister ic_cdk::api::caller() and try to only allow the frontend canister to make update call. But I found out the caller is always 2vxsx-fae (anonymous).

I don’t want anyone to call the update call directly using canlista or http, but only through frontend. Is there a good way to do this?

This is related https://forum.dfinity.org/t/can-the-canister-recognize-update-call-is-from-a-frontend-canister/ but seems there was no good solution back then

1 Like

Bump for visibility!

This is still the state of the art, and I don’t see this changing any time soon

1 Like