How to hide an API key in a JSON API request

I am creating an API server that serves card number verification and transaction insertion.

Example API URL = http://mydomain.com/api.json?cardnumber=2342343244&api_key=jhj67asd234tgbh123

Existing system: I provide an api key for client systems (say ebay.com). I give a discount if the user has a valid card. Therefore, my client will provide their end users with a form field to enter a valid card number.

Problem: My client writes an ajax request to my domain to handle validation. The problem is that the api key is displayed on the console, and everyone can execute the request outside the client system (loss of security).

Proposed system: a system in which my API key is hidden so that the request is processed reliably. The solution can be any other way of writing an API.

I have little knowledge of APIs. Any help would be appreciated.

1 answer

In my experience, there is no easy way to do this.

The only method I know of is to provide the client with a one-time key. Once it is used, it will expire and the customer will need a new one.

Thus, it does not matter that the key is displayed on the console, as it will only ever be used for one request.

I hope this helps, but I'd love to hear about any suggestions anyone else has.

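The one-time key scheme from the answer, sketched server-side as an added example that is not part of the original thread. It assumes the client's backend requests each key server-to-server with its long-lived API key and hands only the one-time key to the browser; the class, function and key names are hypothetical and the store is in-memory, single-process.

```python
import hashlib
import secrets
import time


class OneTimeKeyStore:
    """Issues short-lived keys that are accepted for exactly one request."""

    def __init__(self, api_keys, ttl_seconds=60, clock=time.monotonic):
        self._api_keys = dict(api_keys)  # long-lived key -> client name (assumed layout)
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}               # sha256(one-time key) -> (client, expires_at)

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a dump of the store does not yield usable keys.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, api_key):
        """Called by the client's backend; the long-lived key never reaches the browser."""
        client = self._api_keys.get(api_key)
        if client is None:
            raise PermissionError("unknown API key")
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (client, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """Return the owning client name, or None if unknown, expired or already used."""
        # pop() removes the entry on first use, so a replayed key finds nothing.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        client, expires_at = entry
        return client if self._clock() <= expires_at else None


def verify_card(store, one_time_key, card_number, valid_cards):
    """Hypothetical handler for the browser's ajax call."""
    client = store.redeem(one_time_key)
    if client is None:
        return {"status": 401, "error": "invalid, expired or already used key"}
    return {"status": 200, "client": client, "valid": card_number in valid_cards}
```

A key copied from the browser console is rejected once the page's own request has consumed it, and an unused key stops working after the TTL.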

Source: https://habr.com/ru/post/1484150/

