================================== Backstage access path is how to verify the legal path ======= =======================

There is such a demand:
A system: Andrews foreground, ssh background. By json data transmission. In order to prevent information disclosure to ensure that only comes from a background app can access the background, and then return the data. Url not from app to access not return data. How does the design? Great God enlighten me beg.

Note: app access stateless, there is no session. <-! Main posts under Banner (D4) -><-! Posts under the main text (D5) ->
Reply:
Own solution. . With a filter. Meanwhile request header added sessionIdea