How to prevent direct access to my JSON service?

Question

I have a JSON web service to return home markers to be displayed on my Google Map.

Essentially, http://example.com calls the web service to find out the

Answer 1

There are a few good ways to authenticate clients.

• By IP address. In Apache, use the Allow / Deny directives.
• By HTTP auth: basic or digest. This is nice and standardized, and uses usernames/passwords to authenticate.
• By cookie. You'll have to come up with the cookie.
• By a custom HTTP header that you invent.

Edit:

I didn't catch at first that your web service is being called by client-side code. It is literally NOT POSSIBLE to prevent people from calling your web service directly, if you let client-side Javascript do it. Someone could just read the source code.