I am currently making a small website with Google Charts. I load the information with an AJAX request from this URL: ‘data.php’.
The problem is that anyone can enter that URL and get the response. A person can also abuse that URL, like spamming it 1000s of times. Is there a way I can protect that from happening?
I myself thought about using a PHP session variable, so that the users needed to have the home page open first before it could continue.
So I don't know if there are other ways of protecting a URL used by an AJAX request.
You can code-in session variables or API keys that your server side app checks for each request. You can hard code limits to how frequently the app responds to a client. If you have access to the server software you can configure firewalls or the server itself to drop high-frequency or spam requests.
How much you lock the endpoint down really just depends on your specific needs. Personally, I imagine if the endpoint is already public your main concern should be bandwidth or server integrity so a firewall rule limiting requests would be sufficient.
If it’s a Google API you can lock the key to a single domain in the developers dashboard. Just click your key in the console and you’ll find the option.
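
Added example, not part of the original thread: one way `data.php` could combine the session check and the per-client request limit suggested in the replies. It assumes the home page (`index.php`) runs `session_start()` and sets `$_SESSION['page_loaded'] = true`; the session key names and the limit of 30 requests per 60 seconds are assumptions.

```php
<?php
// data.php: added example, not code from the thread.
// Assumed: index.php sets $_SESSION['page_loaded'] = true after session_start().

const MAX_REQUESTS = 30;   // assumed limit per window
const WINDOW_SECONDS = 60; // assumed window length

/**
 * Decide how to answer, given the session and the current time.
 * Returns 200 (serve data), 403 (home page never loaded) or 429 (too many).
 */
function check_request(array &$session, int $now): int
{
    if (empty($session['page_loaded'])) {
        return 403;
    }
    $rate = $session['rate'] ?? ['start' => $now, 'count' => 0];
    // Start a new fixed window once the previous one has expired.
    if ($now - $rate['start'] >= WINDOW_SECONDS) {
        $rate = ['start' => $now, 'count' => 0];
    }
    $rate['count']++;
    $session['rate'] = $rate; // persist the counter in the session
    return $rate['count'] > MAX_REQUESTS ? 429 : 200;
}

session_start();
$status = check_request($_SESSION, time());
http_response_code($status);
header('Content-Type: application/json');

if ($status === 429) {
    // Upper bound on how long the client has to wait for a new window.
    header('Retry-After: ' . WINDOW_SECONDS);
}
if ($status !== 200) {
    echo json_encode(['error' => $status === 403 ? 'forbidden' : 'rate limited']);
    exit;
}

// Constructed sample rows; the real script would build the chart data here.
echo json_encode([['Month', 'Visits'], ['Jan', 120], ['Feb', 98]]);
```

The counter lives in the session, so a client that starts a new session also starts a new count; the firewall or server-level limit mentioned above is what covers that case.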