How can I test whether the request for an API is coming from the correct registered domain.
+1
A:
You cant.
You can check the IP from the server, but 1 server can handle $n domains..
I've tested with google: token my google map api key, he just ping the domain i give and retrieve the server IP; but the api key is valid from every domain on that server...while changing server (another one with different IP) the same api key return an error
DaNieL
2009-07-23 13:10:39
A domain can also resolve to multiple IP addresses (e.g. via round robin DNS base load balancing)
David Dorward
2009-07-23 13:22:32
Also IP addresses can be faked. And if the API call has an immediate effect server-side, there is no need to send a valid source IP.
Cheekysoft
2009-07-23 16:36:39