I want to know if Its possible to see what resource is calling my website page (PHP file).
I have created an API PHP page which handles JSON POST data and saves it to the DB.
Now I would like to know what resource is calling my PHP page.
As example I'm using POSTMAN to post data to my page.
Is it possible to see that a call came from postman?.
Is that possible to get that information in PHP?
You can know some things about the request, for example:
1) IP address:
// Read the IP from who is really making the request (a user or a proxy)
$ipAddress = $_SERVER['REMOTE_ADDR'];
// Read the IP that the proxy is telling us making the request.
$ipAddress = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
If the source of the request is behind a proxy, $_SERVER['REMOTE_ADDR'] will have the IP of the proxy, so you can check the HTTP_X_FORWARDED_FOR header but can be easily spoofed, unless you have control of the proxy or is a trusted proxy.
2) User Agent:
// Using global $_SERVER
$userAgent = $_SERVER['HTTP_USER_AGENT'];
// Using get_browser function you can get an array with the information
$arrayBrowserInfo = get_browser($userAgent, true);
The User Agent is easily spoofed too, so you can't trust it's the correct one.
3) Referer:
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
The referer header is optional and no many browsers send to the XHR Requests.
If you are building an API, depending the use case may you can ask for a mandatory header or parameter in order to tell you more information of who is doing the request (Android App, iOS App, Website, etc.) Obviously, that can be easily spoofed.
So i don't recommend that using for security validations, but if you only want to know in order to log the calls for debug, may be useful.