I have a JavaScript widget I'd like developers to embed on their sites.

I'd like to perform various actions based on whether or not a user is already a member of my site. Is it possible to securely perform GET/POST requests cross-domain?

I'm running Node/Express on the server side.

  • Security is relative, but it sounds like you're describing a RESTful API. Take a look at this stackoverflow.com/questions/15496915/… Commented Jan 15, 2015 at 17:57
  • I suppose the alternative would be to implement your widget in a way that it's hosted on your domain and embedded via iframe. Commented Jan 15, 2015 at 18:00
  • Unfortunately due to our use cases that isn't really an option! Commented Jan 15, 2015 at 18:02
  • This one actually discusses auth in more depth. stackoverflow.com/questions/9773664/… For any requests that you want to secure, you're probably looking at having the user authenticate, and then providing them with an auth token that they have to use to sign their requests. You'll want to expose your API only over SSL as well, otherwise you'll be passing auth credentials unencrypted, which would be bad. Commented Jan 15, 2015 at 18:10
  • Also, for a real-world example, take a look at dmcloud (the service behind DailyMotion) dmcloud.net/doc/api/api-general.html You can see them using a hash of the request and api key, which gives them a means of validating the integrity of the request. Commented Jan 15, 2015 at 18:14
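
The request-signing idea from the comments above, as an added example that is not part of the original thread: the widget signs each request with a per-user token and the Node server checks integrity and freshness. It uses HMAC-SHA256 rather than a plain hash of request and key; the function names, request fields, token value and 5-minute window are all assumptions.

```javascript
const crypto = require('crypto');

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed freshness window (5 minutes)

// String covered by the signature: method, path, timestamp and a hash of the body.
function canonical(method, path, timestamp, body) {
  const bodyHash = crypto.createHash('sha256').update(body || '').digest('hex');
  return [method.toUpperCase(), path, String(timestamp), bodyHash].join('\n');
}

// Widget side: sign with the per-user token issued after authentication.
function signRequest(token, method, path, timestamp, body) {
  return crypto.createHmac('sha256', token)
    .update(canonical(method, path, timestamp, body)).digest('hex');
}

// Server side: reject stale timestamps, then recompute and compare in constant time.
function verifyRequest(token, req, now = Date.now()) {
  if (!Number.isFinite(req.timestamp) || Math.abs(now - req.timestamp) > MAX_SKEW_MS) {
    return { ok: false, reason: 'stale' };
  }
  const expected = Buffer.from(
    signRequest(token, req.method, req.path, req.timestamp, req.body), 'hex');
  const given = Buffer.from(String(req.signature || ''), 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  return { ok: true, reason: null };
}

// Constructed sample data: hypothetical token, path and timestamp.
const TOKEN = 'constructed-sample-token';
const T0 = 1700000000000;

function demo() {
  const body = JSON.stringify({ action: 'like', item: 42 });
  const good = { method: 'POST', path: '/api/widget/action', timestamp: T0, body };
  good.signature = signRequest(TOKEN, good.method, good.path, good.timestamp, good.body);
  const tampered = { ...good, body: JSON.stringify({ action: 'like', item: 43 }) };
  return {
    good: verifyRequest(TOKEN, good, T0 + 1000),
    tampered: verifyRequest(TOKEN, tampered, T0 + 1000),
    stale: verifyRequest(TOKEN, good, T0 + MAX_SKEW_MS + 1),
    wrongToken: verifyRequest('other-token', good, T0 + 1000),
  };
}
```

An embedded script runs in the host page's origin, so any token the widget holds is readable by that page and should be short-lived and narrowly scoped. The timestamp check only bounds replay to the window; rejecting repeats inside it needs a server-side nonce store.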
