Reputation: 11338
Create protected api for internal use only
I have created simple web service for my website that generates some json based on request, using php, but I want it to be protected so that only I can use it. I mean it should be available for my website only. No one without my permission should be able to use that json on their website.
What is the best method for that in php?
Upvotes: 0
Views: 451
Answers (4)
Reputation: 1
Use a cookie to validate, this way you are independent from your ip address.
Upvotes: 0
Reputation: 151674
Only allow your server's IP to access the service. Or do you mean you're calling it from the browser?
Then you'd have to pass some kind of token to the service, proving that you're authenticated to call it.
Upvotes: 0
Reputation: 10239
You could try using HTTP_REFERRER header field, but it's easily spoofed and therefore insecure.
How about using PHP sessions?
Set some variable in session in your main page script, then check for its existence when processing API requests; if the variable in session is not set, don't serve the content.
Upvotes: 1
Related Questions
- Private REST API
- How do I restrict JSON access?
- Protect a public API
- How would I make it so my API is only accessible through my application (Javascript and PHP)?
- Securing an api PHP/JQUERY?
- Secure PHP REST API
- How to deny third-party access to a server side API
- How to secure json
- How to build a restful api while being private and members only?
- How would I protect a private API