Reputation: 125
I have a WCF API which supports SOAP/JSON/XML but we don't provide JSONP. This means if someone wants to consume our API using JSON they must create a server side proxy to get around the cross browser limitation.
I kind of like this since it discourages users from putting API keys and secrets in client side code. While most methods accept an access token, we have auth methods which require the consumer to send key and secret to get this access token. If we expose JSONP some consumers may make this request client side and I'm not thrilled with that.
So... if you have an API that supports JSON, is it essential to support JSONP? Is it terrible to require consumers to create a server side proxy?
JSONP is not hard to implement, but for the reason stated above I'm hesitant. Kinda just looking for thoughts/advice. Thanks
Upvotes: 3
Views: 198
Reputation: 887867
You can make special auth keys that only work with JSONP, then return JavaScript that checks location and makes sure that the auth key was used by a valid site.
However, that won't stop a malicious server from sending a JSONP request and parsing out the JSON.
You need to figure out what your partners want and what attackers might do to make the trade-off between usability and security.
Upvotes: 1
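A sketch of the approach described in the answer above, as an added example that is not part of the original thread: the server maps each JSONP-only key to the hostnames allowed to use it and wraps the payload in script that checks `location.hostname` before invoking the callback. The key table, hostnames and function names (`buildJsonpResponse`, `runInPage`) are hypothetical, and `runInPage` only simulates a browser page for the demonstration.

```javascript
// Constructed sample data: JSONP-only keys and the hostnames each key may be used from.
const JSONP_KEYS = {
  "jsonp-key-partner-a": ["www.partner-a.example", "partner-a.example"],
};

// Accept only a plain identifier as the callback name, so the parameter
// cannot be used to inject script into the response.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

function buildJsonpResponse(key, callback, payload) {
  const hosts = JSONP_KEYS[key];
  if (!hosts) return { status: 403, body: "" };
  if (!CALLBACK_RE.test(callback)) return { status: 400, body: "" };
  // Escape "<" and the U+2028/U+2029 line separators so the JSON is safe as script text.
  const json = JSON.stringify(payload).replace(/[<\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
  // The returned script checks the embedding page's hostname before calling back.
  const body = "(function(){var ok=" + JSON.stringify(hosts) + ";" +
    "if(ok.indexOf(location.hostname)===-1){return;}" +
    callback + "(" + json + ");})();";
  return { status: 200, body };
}

// Simulated browser page: evaluates the response with a stand-in `location`
// and a callback of the requested name, and returns what the callback received.
function runInPage(body, hostname, callback) {
  let received = null;
  const run = new Function("location", callback, body);
  run({ hostname }, (data) => { received = data; });
  return received;
}

const demo = buildJsonpResponse("jsonp-key-partner-a", "handleData", { items: [1, 2, 3] });
console.log(runInPage(demo.body, "www.partner-a.example", "handleData")); // registered site
console.log(runInPage(demo.body, "other.example", "handleData"));         // unregistered site

// The hostname check runs only inside a browser. The payload is still present
// in the response body, which is the limitation the answer points out for
// requests made by a server, so a JSONP-only key should grant no more than
// the registered site's own pages are meant to see.
```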