How to make sure the API request is made from the certain person who can
do that?
I am creating an API for my website which has lots of information, for
say, movies. I want to allow certain number of requests. So, for example,
5$ plan allows 10,000 requests a month. User sign ups, gets the API key
and then can make a request like
http://website.com/index.php?api_key=API_KEY&movie=Titanic
and the server gives back the answer in json. My question now is, how can
I make sure that this API_KEY can be used just by that user? Because if he
makes an AJAX request, someone else can see the link with the API_KEY and
use it for his project. And I want to allow AJAX requests.
No comments:
Post a Comment