I have been writing my own API for my site; the API will only allow a consumer to read basic information.
Somebody suggested to me that I give the consumer a public and a private API key. The private API key would be for server-side scripts such as PHP, so the public can't view it and use it in the wrong way, and the public key would be for languages such as JavaScript. For the public API key, they told me I would have to check the original source of the request and match it to a URL in my database.
But the way I was going to check the URL the request was coming from was by checking the referrer, but I know that the referrer can be changed, so this wouldn't be a good idea.
I'm looking for a way to check the referring URL properly that is very reliable. Or could anyone suggest a different way of doing this API?
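
The two-key scheme described in the question, sketched server-side as an added example that is not part of the original post. The `x-api-key` header name, the `CONSUMERS` registry and all key and origin values are constructed assumptions; the registry stands in for the database of registered URLs.

```javascript
// Constructed registry: one private key (server-side scripts) and one public
// key (browser code) per consumer, the public key bound to registered origins.
const CONSUMERS = [
  { id: "acme", privateKey: "priv_3f9a-constructed", publicKey: "pub_71c2-constructed",
    origins: ["https://www.acme.example"] },
];

// Constant-time string comparison (Node's crypto.timingSafeEqual is the
// library equivalent for equal-length buffers).
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ (b.charCodeAt(i % b.length) || 0);
  }
  return diff === 0;
}

// Reduce an Origin or Referer value to scheme://host[:port]; null if unusable.
// Comparing parsed origins avoids prefix tricks such as
// "https://www.acme.example.other.test".
function originOf(value) {
  try {
    const origin = new URL(value).origin;
    return origin === "null" ? null : origin;
  } catch {
    return null;
  }
}

// headers: request headers with lowercase names, as Node's http module gives them.
function authorize(headers) {
  const key = headers["x-api-key"] || "";
  for (const c of CONSUMERS) {
    if (safeEqual(key, c.privateKey)) {
      return { ok: true, consumer: c.id, tier: "private" };
    }
    if (safeEqual(key, c.publicKey)) {
      // Browsers set Origin/Referer themselves and page script cannot override
      // them, so this keeps other sites from reusing the public key in a
      // visitor's browser. A non-browser client can send any value, so the
      // public tier must only expose data that is acceptable to be public.
      const origin = originOf(headers["origin"] || headers["referer"] || "");
      if (origin && c.origins.includes(origin)) {
        return { ok: true, consumer: c.id, tier: "public" };
      }
      return { ok: false, reason: "origin not registered for this public key" };
    }
  }
  return { ok: false, reason: "unknown key" };
}
```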