I’m exposing a simple API and need to make sure only authorized users access it. I will be providing an API key to authenticate. However, I also want to associate the API key to a certain domain (meaning, it should only work if it’s being used from the authorized domain(s)).
How do I check on the API side if it is being accessed from an authorized domain? HTTP_REFERER apparently is not reliable. Suggestions?
What kind of API are you exposing? There are many different kinds of APIs – I assume you do not expose your operating system’s API…
Assuming you want to expose some web application’s API, you may take a look at OAuth, which is based on callback URLs – you can just block certain domains from being called through callback URL.
Read more about OAuth.
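As an added illustration of the callback-URL allowlisting the answer refers to (this is example code, not from the answer or any OAuth library), the server keeps an exact list of registered redirect URIs per client and compares against it exactly; a prefix check is shown beside it only to demonstrate why exact matching is the safe form. The client id and URIs are constructed values.

```python
from urllib.parse import urlparse

# Constructed registry for this example: client_id -> exact redirect URIs registered
# for that client. In a real deployment this comes from the OAuth client store.
REGISTERED_CLIENTS = {
    "client-abc": {
        "https://app.example.com/oauth/callback",
        "https://app.example.com/oauth/callback-alt",
    },
}


def redirect_uri_allowed(client_id: str, redirect_uri: str) -> bool:
    """Accept redirect_uri only if it exactly matches one registered for client_id.

    Exact string comparison is the check RFC 6749 security guidance recommends:
    matching on host prefix or on the domain alone can accept a URI on a host
    that merely starts with the registered name, or a path the client never
    registered. Unknown clients and non-https URIs are rejected outright.
    """
    allowed = REGISTERED_CLIENTS.get(client_id)
    if not allowed:
        return False
    parsed = urlparse(redirect_uri)
    # Require an absolute https URL; RFC 6749 forbids fragments in redirect URIs.
    if parsed.scheme != "https" or not parsed.netloc or parsed.fragment:
        return False
    return redirect_uri in allowed


def naive_prefix_allowed(redirect_uri: str) -> bool:
    """Weak check shown for contrast: it only tests that the URI starts with the
    registered origin, so it accepts hosts and paths that were never registered."""
    return redirect_uri.startswith("https://app.example.com")
```

The contrast case `https://app.example.com.other.example/...` passes the prefix check but fails the exact check, which is the point of keeping the registered list exact.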