Preventing Unwanted Access to Your API

Cal Evans says: "So you've written a cool new Web API and you've written l33t JavaScript to call it from your page. The problem is, anybody who views your source can see how you call your new toy and use it for their own nefarious purposes. Granted, sometimes this is what you want, but there are times when you want to keep your toys to yourself. For those times, here is a quick trick you can implement that will help thwart most evildoers. It should be noted that this technique, like many security measures, is not foolproof; it can be circumnavigated by the determined. It should be used as part of a multi-faceted security strategy." Read more.

Published by

padik

FreeBSD, CodeIgniter, TCG