
I'm interested in what might be the options for securely implementing a dead simple API that allowed websites to register on my site, receive and copy the unique HTML form to their website that would ultimately post to my API.

E.g.:

  1. A church at URL: www.church.com buys 5 submits of my service.
  2. I provide that church a HTML form that they then copy into their website.
    2b. The form would post back to my API/URL with a unique key specifying it's coming from www.church.com (key=1234)

<form action="https://www.example.com/myCustomAPIService.php?key=1234" method="post">
  First name: <input type="text" name="fname"><br>
  Last name: <input type="text" name="lname"><br>
  <input type="submit" value="Submit">
</form>

What would prevent, say, another organization from copying the HTML to their site?

Would checking $_SERVER["HTTP_REFERER"] solve this problem?

  • $_SERVER["HTTP_REFERER"] IS NOT RELIABLE. See here for more options. Commented Dec 21, 2015 at 21:51
  • referers are not, never have been, and never will be, a "security system". they're "hello my name is" tags and can contain ANYTHING the user wants. Commented Dec 21, 2015 at 21:51


You can't rely on anything coming from the user, so there is no 100% secure way using HTML only.

You need some secret. For example:

  1. Church.com sends a request to your web server with its secret key to get a temporary public key for every HTML form it generates
  2. Church.com creates the HTML form with this temporary key
  3. The user sends the form with this temporary key to your site
  4. You check whether the temporary key is valid

Or:

  1. church.com creates the HTML form
  2. The user sends the form to church.com
  3. church.com sends the values from this form to your website with its secret key

etc.
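The first scheme in the answer, worked through as an added example (not code from the question or the answer): the page's endpoint is PHP, but the token logic is shown here in Python. The customer key "1234", the shared secret, the credit count of 5 and the one-hour token lifetime are constructed assumptions; tokens are random, stored server-side, bound to the issuing customer, single-use and expiring, so a copied form is worthless without a fresh token that only the customer's server can request.

```python
import hmac
import secrets
import time

# Constructed registry: per-customer secret handed over out-of-band at signup,
# plus the number of submissions the customer has bought ("5 submits").
CUSTOMERS = {
    "1234": {"secret": b"church-secret-shared-out-of-band", "credits": 5},
}
TOKEN_TTL = 3600          # assumed lifetime of a temporary form token, seconds
_issued = {}              # token -> (customer key, expiry); removed on first use


def issue_form_token(key, customer_secret, now=None):
    """Step 1: the customer's server (not the browser) calls this with its
    secret and receives a temporary token to embed in exactly one form."""
    cust = CUSTOMERS.get(key)
    if cust is None or not hmac.compare_digest(cust["secret"], customer_secret):
        return None                       # unknown key or wrong secret
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(24)     # unguessable, no meaning to a copier
    _issued[token] = (key, now + TOKEN_TTL)
    return token


def render_form(key, token):
    """Step 2: the HTML the customer pastes; the token rides in a hidden field."""
    return (f'<form action="https://www.example.com/myCustomAPIService.php?key={key}" '
            f'method="post"><input type="hidden" name="token" value="{token}">'
            'First name: <input type="text" name="fname"><br>'
            'Last name: <input type="text" name="lname"><br>'
            '<input type="submit" value="Submit"></form>')


def accept_submission(key, token, fields, now=None):
    """Steps 3-4: the API checks the token before spending one of the credits.
    Nothing here trusts the Referer header; only the token and the key matter."""
    now = time.time() if now is None else now
    entry = _issued.pop(token, None)      # pop makes the token single-use
    if entry is None:
        return "rejected: unknown or reused token"
    issued_to, expiry = entry
    if issued_to != key:
        return "rejected: token issued to a different customer"
    if now > expiry:
        return "rejected: token expired"
    cust = CUSTOMERS[key]
    if cust["credits"] <= 0:
        return "rejected: no submits left"
    cust["credits"] -= 1
    return "accepted"
```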
