I have a web API that I want to allow any domain to submit data to. However, to keep bogus spam down I want to find some way to ensure that a request stating it's from a certain domain actually is from that domain and that someone isn't trying to trick me by posting on another domain's behalf.
For example, if http://example.com submits some data – that's good. If script kiddie #237 submits data claiming to be example.com – that's bad.
At first I was going to use a secret key system to HMAC-sign each request – but signup is going to be open, free, and automated for this API. I'm not sure how I could tell if PersonA or PersonB really owns http://example.com and deserves the API key.
Provide a key file that they will have to upload to that domain, and check that it exists and that its contents are valid against your internal database.
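An added example, not from the question or the answer above, of how the key-file check described in that answer can be built in Python: the server hands out an unguessable token, the applicant publishes it at a fixed path on the domain, and the server fetches it from that domain itself before issuing the HMAC key used to sign later requests. The path `/.well-known/example-api-verification.txt`, the in-memory dictionaries standing in for the internal database, the 24-hour challenge lifetime, and the `web` dictionary standing in for the public web in the walkthrough are all assumptions made for the demo.

```python
import hmac
import secrets
import time
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional

# Constructed in-memory stores standing in for the "internal database".
PENDING: Dict[str, Dict[str, object]] = {}   # domain -> {"token": str, "expires": float}
API_KEYS: Dict[str, bytes] = {}              # domain -> HMAC key issued after verification

# Assumed for this example, not from the post.
WELL_KNOWN_PATH = "/.well-known/example-api-verification.txt"
CHALLENGE_TTL = 24 * 3600     # seconds a challenge stays valid
MAX_BODY = 4096               # bytes read from the remote file

Fetcher = Callable[[str], Optional[str]]    # url -> body text, or None on any failure


def normalize_domain(domain: str) -> str:
    """Canonicalise the applicant-supplied domain so 'Example.COM.' and 'example.com' match."""
    d = domain.strip().lower().rstrip(".")
    if not d or any(c in d for c in "/:@ \\") or ".." in d:
        raise ValueError("invalid domain")
    return d


def expected_url(domain: str) -> str:
    # HTTPS only: a plain-HTTP check could be answered by an on-path attacker.
    return f"https://{normalize_domain(domain)}{WELL_KNOWN_PATH}"


def issue_challenge(domain: str, now: Optional[float] = None) -> str:
    """Step 1: hand the applicant an unguessable token to publish at WELL_KNOWN_PATH."""
    domain = normalize_domain(domain)
    token = secrets.token_urlsafe(32)      # 256 bits; another applicant cannot guess it
    ts = time.time() if now is None else now
    PENDING[domain] = {"token": token, "expires": ts + CHALLENGE_TTL}
    return token


def verify_domain(domain: str, fetch: Fetcher, now: Optional[float] = None) -> Optional[bytes]:
    """Step 2: fetch the file from the domain itself; if it carries the token, issue an API key.

    Returns the new HMAC key on success, None otherwise."""
    domain = normalize_domain(domain)
    record = PENDING.get(domain)
    ts = time.time() if now is None else now
    if record is None or ts > float(record["expires"]):
        return None
    body = fetch(expected_url(domain))
    if body is None:
        return None
    if not hmac.compare_digest(body.strip().encode(), str(record["token"]).encode()):
        return None
    del PENDING[domain]                    # a challenge is single use
    key = secrets.token_bytes(32)
    API_KEYS[domain] = key
    return key


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Refuse redirects: an open redirect on example.com would otherwise let an attacker
    # serve the token from a host he controls and still pass as example.com.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def https_fetch(url: str, timeout: float = 5.0) -> Optional[str]:
    """Real fetcher for production use; the walkthrough below uses an in-memory stand-in."""
    if not url.startswith("https://"):
        return None
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            if resp.status != 200:
                return None
            return resp.read(MAX_BODY).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError, ValueError):
        return None


def sign_request(key: bytes, body: bytes) -> str:
    """Client side: HMAC-SHA256 over the request body with the key issued at verification."""
    return hmac.new(key, body, "sha256").hexdigest()


def accept_request(domain: str, body: bytes, signature: str) -> bool:
    """Server side: only a sender holding the key issued to `domain` can sign as `domain`."""
    key = API_KEYS.get(normalize_domain(domain))
    if key is None:
        return False
    return hmac.compare_digest(hmac.new(key, body, "sha256").hexdigest(), signature)


def demo() -> Dict[str, bool]:
    """Constructed walkthrough: example.com passes, an impostor claiming example.com fails."""
    token = issue_challenge("example.com")
    web = {expected_url("example.com"): token + "\n"}   # stand-in for the public web
    fetch: Fetcher = lambda url: web.get(url)
    key = verify_domain("example.com", fetch)
    body = b'{"event": "signup"}'
    # Script kiddie #237 asks for a challenge for example.com but can only publish it on his own host.
    stolen = issue_challenge("example.com")
    web["https://attacker.example" + WELL_KNOWN_PATH] = stolen + "\n"
    return {
        "example.com verified": key is not None,
        "signed request accepted": key is not None and accept_request("example.com", body, sign_request(key, body)),
        "forged signature rejected": not accept_request("example.com", body, "00" * 32),
        "impostor rejected": verify_domain("example.com", fetch) is None,
    }
```

`demo()` replaces `https_fetch` with a dictionary so it runs offline; in production pass `https_fetch` as the fetcher. The things that make the check meaningful are in the fetcher and the record, not the comparison: the server fetches from the claimed host over HTTPS rather than trusting anything the applicant sends, it does not follow redirects, the token is random and expires, and it is discarded after one successful use. Note what this proves: that the applicant can place a file on the web server answering for that name, which is what the answer asks for, not legal ownership of the domain.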