I have my own API built in PHP with Zend Framework for CRUD functions against a database.
But now I am concerned about securing my little API a bit, because I need a voting function which allows a user to vote once per item. The only requirement to vote is the user's Facebook ID, so I am afraid someone could loop POST requests to my voting API with a lot of Facebook IDs.
So now I am thinking of passing an encrypted token from my app client to the voting API and checking it before the API does its work.
So I want to know: what is the best way to generate dynamic tokens and pass them securely to the API? Or is there an easy way to recognize API requests made from any source other than my app clients?
Currently I use jQuery AJAX to pass all JSON data to my API. Thanks!
The easiest way I can come up with is to put a hash of some sort into the API call to verify that the data comes from your app. E.g. you could create a hash of the Facebook ID plus a salt. You just have to make sure that the receiving end knows the salt used for that call. For example
hash = sha256(Facebook_id + app_id)
would be a way.