Reputation: 51110
Is it possible to create a javascript api that only allows certain domains to call it
I want to provide my data to different websites through a Javascript API, and I don't want the others to have to modify their backend code.
I believe the best way to do this is by providing JSONP to the other websites (please correct me if I am wrong).
However I don't want just anyone to be able to use the API - what are my options for controlling usage of the API.
Upvotes: 0
Views: 56
Answers (2)
Reputation: 8202
If the API is called by the JS running on the remote website you could use CORS (check IE support).
But if you need more granular control on your API usage you must use a key and check the referer against the key.
Btw even using a key someone can make a script faking the referer and thus using your API.
But if it's a JS API there's no alternative.
Upvotes: 2
Reputation: 538
I don't have many experiences with JavaScript APIs, but I know that there isn't a real way to secure your JavaScript code. If your Code is used in any Website there is always a way to get to it.
Upvotes: 0
Related Questions
- How do I block certain domain requests via Javascript?
- Prevent request to another domain?
- how to restrict cross origin request for other domains using CORs
- How do you restrict requests so they only work if it is accessed by a specific domain
- Is it possible to disallow fetching resources from different domains?
- How to make sure that only a specific domain can query from your REST api?
- Only allow certain domain to access web api
- Is it possible to restrict an API to only one web interface/app?
- How to ensure that only allowed domains can call C# from Javascript
- Restrict Cross Domain Ajax request