How to prevent direct access to my JSON service?

by

There are a few good ways to authenticate clients.

  • By IP address. In Apache, use the Allow / Deny directives.
  • By HTTP auth: basic or digest. This is nice and standardized, and uses usernames/passwords to authenticate.
  • By cookie. You’ll have to come up with the cookie.
  • By a custom HTTP header that you invent.

Edit:

I didn’t catch at first that your web service is being called by client-side code. It is literally NOT POSSIBLE to prevent people from calling your web service directly, if you let client-side Javascript do it. Someone could just read the source code.

More Related Contents:

  1. Why does Google prepend while(1); to their JSON responses?
  2. What are “top level JSON arrays” and why are they a security risk?
  3. Where to save a JWT in a browser-based application and how to use it
  4. Is JSON Hijacking still an issue in modern browsers?
  5. Why do people put code like “throw 1; ” and “for(;;);” in front of json responses? [duplicate]
  6. JSON security best practices?
  7. Loop through JSON object List
  8. Parsing Date from webservice
  9. Why does Google prepend while(1); to their JSON responses?
  10. Alternatives to JavaScript eval() for parsing JSON
  11. Filter JSON by key value with JavaScript
  12. Fetch: POST JSON data
  13. JSON: why are forward slashes escaped?
  14. Convert json data to a html table [closed]
  15. Can JavaScript connect with MySQL?
  16. Is there a JSON equivalent of XQuery/XPath?
  17. Write / add data in JSON file using Node.js
  18. How to call a REST web service API from JavaScript?
  19. JSON.parse unexpected character error
  20. pass function in json and execute
  21. traversing through JSON string to inner levels using recursive function
  22. How to access data of uploaded JSON file?
  23. sort JSON by date
  24. JSON string to JS object
  25. Safe value must use [property]=binding after bypass security with DomSanitizer
  26. Loop and get key/value pair for JSON array using jQuery
  27. How can I read a JSON in the script-tag from JavaScript?
  28. Why do ASP.NET JSON web services return the result in ‘d’?
  29. Jquery getJSON cross domain problems
  30. Push JSON Objects to array in localStorage

Leave a Comment