Restricting access to REST API

Published 2019-05-23 14:14

Question:

I'm making a PHP backend for my application using REST API.

I would like to prevent others' scripts from accessing my API. I thought of using $_SERVER['HTTP_REFERER'] to avoid them. But in what situation does the HTTP_REFERER not work? ... says we can't rely on that.

Is there any other way to restrict my API to only my client?

Answer 1:

So, you can implement HTTP basic authentication, as suggested by Marcin. Or, you can implement OAuth as suggested by HQarroum. The former is much easier to implement. For HTTP BASIC, requests from your client look like this:

.. https://username:password@yourbackend.host.com/resource/method/foo/bar ..

Implementing HTTP basic auth is very simple. In Apache, see this. For nginx, see this.

Regarding OAuth, that's a bit more complex of an implementation. If you are looking into OAuth, and you don't have the need for different scopes (levels of authorization to access different levels of data), then you should implement a two-legged OAuth flow. However, I do believe that OAuth may be overkill if you're the only consumer of the protected resources.

I recommend using SSL (https) in all cases.

Regards,
Neil
http://developer.mashery.com
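The answer above points at Apache and nginx configuration for HTTP Basic auth. Since the asker's backend is PHP, here is an added example (not code from the answer or from Mashery) of enforcing the same check inside the PHP endpoint itself, so it also works when the web server is not configured for it. It assumes a hypothetical credential store `$CLIENTS` keyed by client name with `password_hash()` digests, a sample client `mobile-app` with a constructed password, and that the app is reachable only over TLS, directly or behind a proxy you control that sets `X-Forwarded-Proto`.

```php
<?php
// Added example, not from the original answer. Enforces HTTP Basic auth for a
// PHP REST endpoint. Assumptions (hypothetical): the client list below, and a
// TLS-terminating proxy you control when X-Forwarded-Proto is relied upon.

declare(strict_types=1);

// Constructed credential store: client name => password_hash() digest.
// In production store the precomputed digest, never the plaintext.
$CLIENTS = [
    'mobile-app' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
];

// Hash to verify against when the username is unknown, so that a missing
// user costs the same time as a wrong password (no username enumeration).
define('DUMMY_HASH', password_hash('dummy', PASSWORD_DEFAULT));

// Extract [user, password] from the request, or null if no usable Basic
// credentials were sent. mod_php fills PHP_AUTH_USER/PHP_AUTH_PW; FastCGI
// setups often only expose the raw header as HTTP_AUTHORIZATION.
function basicCredentials(array $server): ?array
{
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']];
    }
    $header = $server['HTTP_AUTHORIZATION']
        ?? $server['REDIRECT_HTTP_AUTHORIZATION']
        ?? '';
    if (!preg_match('/^Basic\s+([A-Za-z0-9+\/=]+)$/i', $header, $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // The password may itself contain ':', so split on the first one only.
    [$user, $pass] = explode(':', $decoded, 2);
    return [$user, $pass];
}

// Constant-time-ish check: always run password_verify, even for unknown users.
function isAuthorized(?array $creds, array $clients): bool
{
    if ($creds === null) {
        return false;
    }
    [$user, $pass] = $creds;
    $hash = $clients[$user] ?? DUMMY_HASH;
    $ok = password_verify($pass, $hash);
    return $ok && isset($clients[$user]);
}

// Basic auth is only base64, so the credentials are readable by anyone on the
// path unless the connection is TLS. Only trust X-Forwarded-Proto if a proxy
// you control sets it and strips any client-supplied copy.
function isTls(array $server): bool
{
    $https = $server['HTTPS'] ?? '';
    return ($https !== '' && $https !== 'off')
        || ($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https';
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: application/json');
    if (!isTls($_SERVER)) {
        http_response_code(403);
        echo json_encode(['error' => 'TLS required']);
        exit;
    }
    if (!isAuthorized(basicCredentials($_SERVER), $CLIENTS)) {
        http_response_code(401);
        // Tells browsers/clients which scheme to retry with.
        header('WWW-Authenticate: Basic realm="api", charset="UTF-8"');
        echo json_encode(['error' => 'unauthorized']);
        exit;
    }
    echo json_encode(['resource' => 'foo/bar', 'ok' => true]);
} else {
    // Offline self-check with constructed request headers.
    $good = ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('mobile-app:correct horse battery staple')];
    $bad  = ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('mobile-app:wrong')];
    $none = [];
    echo 'good credentials: ', var_export(isAuthorized(basicCredentials($good), $CLIENTS), true), PHP_EOL;
    echo 'bad credentials:  ', var_export(isAuthorized(basicCredentials($bad), $CLIENTS), true), PHP_EOL;
    echo 'no credentials:   ', var_export(isAuthorized(basicCredentials($none), $CLIENTS), true), PHP_EOL;
}
```

Run `php` on the file from the command line to exercise the three constructed cases; deployed behind a web server, a client calls it with `curl -u 'mobile-app:correct horse battery staple' https://yourbackend.host.com/resource/method/foo/bar`. Two caveats a practitioner should keep in mind: the `Referer` header the asker considered is set by the client and can be forged or omitted at will, so it is not a credential, whereas Basic auth over TLS checks a secret the client must actually hold; and a single shared secret embedded in a distributed client (a mobile or JavaScript app) can be extracted by anyone who has the client, which is the reason per-user credentials or an OAuth-style token flow are preferred once the client is not fully under your control.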



Answer 2:

You could just use ordinary HTTP user/pass authentication.



Answer 3:

You should look at the OAuth protocol and implement it for the clients using your API.