我们目前正在开发使用一个简单的JSON API（回报率）来填充网页的站点。这些数据是公开给客户，但关键是我们的服务，我们希望确保我们的竞争对手不是榨取我们的数据。你用什么方法来验证AJAX请求的API是合法的？

We're currently developing a site that uses a simple JSON API (RoR) to populate the page. The data is public to clients but key to our service and we want to make sure that our competitors aren't leeching our data. What methods do you use to verify that AJAX requests to an API are legitimate?

推荐答案

回复：

你用什么样的方法来验证   AJAX请求到一个API是   是否合法？

What methods do you use to verify that AJAX requests to an API are legitimate?

我让他们先登录。通过Ajax的HTTP请求包括饼干，所以基于会话的认证工作正常Ajax请求。

I make them login first. HTTP requests via Ajax include the cookies, so session-based authentication works fine with Ajax requests.

因此​​，在用户登录后的页面，使Ajax请求来获取数据。前AJAX API查找有效的会话数据响应。

So the user logins in. Then the page makes the Ajax request to get the data. The Ajax api checks for a valid session before responding with the data.