How to prevent direct access to my JSON service?

Question

I have a JSON web service to return home markers to be displayed on my Google Map.

Essentially, http://example.com calls the web service to find out the

Answer 1

You can add a random number as a flag to determine whether the request are coming from the page just sent:

1) When generates index.html, add a random number to the JSON request URL:

Old: http://example.com/json/?zipcode=12345

New: http://example.com/json/?zipcode=12345&f=234234234234234234

Add this number to the Session Context as well.

2) The client browser renders the index.html and request JSON data by the new URL.

3) Your server gets the json request and checks the flag number with Session Context. If matched, response data. Otherwise, return an error message.

4) Clear Session Context by the end of response, or timeout triggered.