protect API with key in a chrome extension
I have an API endpoint that normally requires an API key header for access. Now I want to use the endpoint in a chrome extension and somehow need to protect access to it. Is there an alternative approach? The API-key won't work since everyone can read the JS files of the extension. TLDR: How can I make sure only the extension can call the API endpoint. Here are my thoughts so far: obfuscation: just makes it a little harder to get the API key origin header: only allow requests from the extension. However, headers can be easily spoofed with a curl request outside the browser IP rate limitation: only allow x requests/hour per IP. Can be cicumvented by proxies and might cause issues for users on a public network. user registration: users register for individual api keys. However, this is not really an option. It would add a huge barrier.
REQUEST_DENIED when using the Google Places API
Can Magento pull in USPS “Paid Online” rates rather than “Post Office” rates?
How to Retrieve all possible information about a LinkedIn Account ? (API using C#)
Google Shopping API - multiple store information
In HTTP, does PUT and POST send data differently?
Get informations of a list of venues
I want to get the all the song's tags through Last.fm API by Pylast
Google + What's Hot list
Yahoo news search API [closed]
Using socket.io as api
add-ons/extension, how to program?
Last.fm API: Events venues with empty city
What kind of international code is used for identifying countries like
Endpoint for venue stats (checkins) without auth
getting recommended monitor resolution
Is there a clean wikipedia API just for retrieve content summary?