I have a web application that pulls data from my newly created JSON API.
How do I restrict access to my JSON API so that only I (my website) can call from it?
In case it helps, my API is something like: http://example.com/json/?var1=x&var2=y&var3=z… which generates the appropriate JSON based on the query.
I'm using PHP to generate my JSON results … can restricting access to the JSON API be as simple as checking the
$_SERVER['HTTP_REFERER'] to ensure that the API is only being called from my domain and not a remote user?