I recently started using BackboneJS and for a new project I need to access a MySQL database on a server I have full access to.
I've been reading up on RESTful APIs and now I want to set up one but I'm not quite sure about one thing: will other people be able to insert rows into my database via the RESTful API I will set up (using Slim)
I know it won't be possible using JavaScript/AJAX because of the same domain policy. But what if someone POSTs to the API using PHP/cURL or something similar? Will it be possible to insert rows using this method without me checking stuff on the server-side?
In short I just want to be sure I'm the only one that can insert (create, put, delete) things into the database, I don't really care about reading (get) but I'm guessing that if you can't insert you can't read either.
EDIT
Please note that this question is not about authenticating users, It's about whether others will be able to simply use my API using cURL or something similar.
Limit your API to respond to only servers that are allowed. E.g: Limit the IP addresses that can use the API.
If your RESTful API and MySQL are hosted on the same server, you could limit the API to respond only if the requesting IP address is 127.0.0.1.
You will need to set up authentication so that only authenticated users can use the Restful interface. Then as long as you don't give your credentials to anyone, you'll be the only one who can use it.