This question already has an answer here:
I need a small help, We have an external javascript file where we are calling our PHP API through ajax but the problem is its all exposed via right-click on website and anyone can see our API and all the parameters we are passing so anyone can see and call API and might change our system.
Is there any way we can protect so only our code only run our PHP API not outside or we can hide this calling procedure of ajax in js.
Hope to be able to explain my point. If anything is unclear please let me know I will try to example again.
Example
UpdatingPaymentAPi.php
<?php
$_REQUEST['CustomerId'];
$_Request['amount'];
$_Request['purchaseCurrency'];
//here we will do process
?>
Js file
$.ajax({
url:"UpdatingPaymentAPi.php",
type:post,
data:{CustomerId:1,Amount:100,PurchaseCurrency:1},
success:function(response){
}
});
so here API can see in source code user can see api name and all paramters and can call externally hope you are able to understand my point
</div>