Reputation: 3470
Securing JavaScript API
I'm currently working on a small JavaScript library which makes requests to a REST web service. Since the server side needs to log incoming request to measure the number of requests, I want to secure it somehow. The library is very similar to the Google Maps API. So my question is now, is there some way to secure it better then just adding an API key to the libraries requests? How can I ensure, if that is even possible, that only the 'right' client uses the key? I guess I could compare the referrer url to a set of valid urls, but this can be spoofed to right? Please keep in mind that is impossible to use some else's authentication method (facebook, google, twitter etc.) since it has to work without user input.
Cheers, Daniel
Upvotes: 1
Views: 97
Answers (1)
Reputation: 3765
A decent RESTful approach would be to require an Authorization header to be supplied by the client, matching some scheme that your server will accept (see Basic Access authentication as an example). Seeing as you only wish to validate that your client is the one making the request, you probably don't need too complex an authorization mechanism.
Upvotes: 1
Related Questions
- Securing API requests from Javascript
- How can you secure a JavaScript application's API calls?
- Securing API in jQuery
- Secure Ajax call On Rest Api
- Securing pure Ajax/Javascript client
- Securing AJAX API
- How to protect a private REST API in an AJAX app
- Secure a public REST API
- Best way to secure javascript front end/REST back end architecture web site?
- How to make REST calls secure