Oct 21, 2011 at 1:14 PM
Edited Oct 21, 2011 at 1:19 PM
Let's assume that I have created my service smoothly and I am returning json results.
I also implemented API key for my users to communicate for my service.
Company A starts using my service. I give them an API key.
Then they created an HttpHandler for bridge (I am not sure what is the term here) in order not to expose API key. (I am also not sure it is the right way.)
For example, lets assume that my service url is as follows :
Company A is using this service from client side like below :
then they starts using in on client side.
Company A protected the api key here. that's fine. but there is another problem here. somebody can still grab www.companyA.com/services/service1.ashx
url and starts using my service. what is the way of preventing others from doing that?