I have made a simple PHP image proxy api that spits out a data URI, so I can use cross origin images in HTML5 canvas.
I want to secure the proxy so that it only processes my requests, from a single domain. Is there a way I can do this considering the api is accessed through client side JavaScript?
Well, you could check if $_SERVER['HTTP_REFERER'] matches your domain. However, note that there are legitimate reasons (like filtering proxies or browser privacy settings) why the referer might be blank or missing or incomplete even for users browsing your site: the best you can really do is refuse to serve the images if the referer header points to some domain other than yours.