How can you secure a JavaScript application's API calls?
I have a JavaScript application.
It's built with jQuery.
It uses $.get() to pull JSON data from a server, and uses the data to load
a puzzle.
I want to distribute the JavaScript application to clients, and make it
easy for them to install.
I'd like it to simply give them a JavaScript block they can drop into
their page, and it will interact with my API.
I'm not passing sensitive data, any my API is protecting the database from
SQL injection, etc.
I just want to try to prevent unauthorized use of my API, and I can't
think of a way to do that with JavaScript, since anyone with a DOM
inspector can scrape any credentials from any variables or can monitor any
server traffic POST or GET data...
Would it be possible to authenticate the referrer on the other side?
I know that's not bulletproof, but it's not sensitive data. I just want to
reduce the unauthorized use as much as possible..
Any ideas?
No comments:
Post a Comment