We’re currently developing a site that uses a simple JSON API (RoR) to populate the page. The data is public to clients but key to our service and we want to make sure that our competitors aren’t leeching our data. What methods do you use to verify that AJAX requests to an API are legitimate?
Re:
I make them log in first. HTTP requests via Ajax include the cookies, so session-based authentication works fine with Ajax requests.
So the user logs in. Then the page makes the Ajax request to get the data. The Ajax API checks for a valid session before responding with the data.
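Added example, not part of the original answer: a stdlib-only, Rack-style sketch of the flow described above, where login issues a session cookie and the JSON endpoint refuses to answer without a valid, unexpired session. The routes, the `sid` cookie name, the `user:password` body format and the in-memory stores are assumptions made for illustration; a Rails app would use its own session store and a `before_action` check.

```ruby
require "json"
require "securerandom"
require "stringio" # StringIO stands in for the request body when driving the app by hand

# Constructed sample data; a real app stores password hashes and uses a server-side session store.
USERS       = { "alice" => "correct horse" }.freeze
SESSIONS    = {}   # session id => { user:, expires: }
SESSION_TTL = 1800 # seconds

# Minimal Rack-style app: any object responding to #call(env) and returning [status, headers, body].
class DataApi
  def call(env)
    case [env["REQUEST_METHOD"], env["PATH_INFO"]]
    when ["POST", "/login"]   then login(env)
    when ["GET", "/api/data"] then data(env)
    else [404, {}, ["not found"]]
    end
  end

  private

  # Body is "user:password" (assumed format). On success, issue an unguessable session id.
  def login(env)
    user, password = env["rack.input"].read.split(":", 2)
    return [401, {}, ["bad credentials"]] unless USERS[user] && USERS[user] == password
    sid = SecureRandom.hex(32)
    SESSIONS[sid] = { user: user, expires: Time.now + SESSION_TTL }
    [200, { "set-cookie" => "sid=#{sid}; HttpOnly; Secure; SameSite=Lax; Path=/" }, ["ok"]]
  end

  # The Ajax endpoint: the session check happens before any data is produced.
  def data(env)
    session = current_session(env)
    return [401, { "content-type" => "application/json" }, [JSON.generate({ error: "login required" })]] unless session
    [200, { "content-type" => "application/json" }, [JSON.generate({ user: session[:user], items: [1, 2, 3] })]]
  end

  # The browser sends the cookie with the Ajax request; unknown or expired ids are rejected.
  def current_session(env)
    cookies = env["HTTP_COOKIE"].to_s.split(/;\s*/).filter_map { |p| p.split("=", 2) if p.include?("=") }.to_h
    session = SESSIONS[cookies["sid"]]
    return nil unless session
    return session if session[:expires] > Time.now
    SESSIONS.delete(cookies["sid"]) # drop expired sessions so they cannot be replayed
    nil
  end
end
```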