Nabin Nepal (Starx) api javascript php
March 3, 2013

Secure JavaScript Site Specific API

Question by Ryan Naddy

Ryan NaddyRyan Naddy

I have been thinking about how to do this for a while, and I am not sure what the best approach is for this.

What I want to do, is allow users to sign up their website, they then are given a javascript snippet with a key, code, and a link to a file stored on my server.

Example

<script>
    var prefix_key  = 1234567890;
    var prefix_code = "hfj48fj4587tgfj5trutjh47dl4gx04jd9f";
</script>
<script src="http://mysite.com/js/somefile.js"></script>

Now, what can happen is say I have that on my site, and you come and copy it to your site. How can I secure it so it doesn’t work on your site but still works on mine?

Note: I will be using PHP as a back end if back end is needed.

Answer by Starx

StarxStarx

Get the key and code from an ajax request based on a fixed API code which is user specific.

For example:

Give you every user a fixed API code to query the page which returns key and code

http://mysite.com/some_page_to_get_the_key_and_code.php?apikey=243h325h2353

Author: Nabin Nepal (Starx)

Hello, I am Nabin Nepal and you can call me Starx. This is my blog where write about my life and my involvements. I am a Software Developer, A Cyclist and a Realist. I hope you will find my blog interesting. Follow me on Google+

...

Please fill the form - I will response as fast as I can!