How to prevent direct access to my JSON service?

Question

I have a JSON web service to return home markers to be displayed on my Google Map.

Essentially, http://example.com calls the web service to find out the

Answer 1

You'll probably have to have some kind of cookie-based authentication. In addition, Ignacio has a good point about using POST. This can help prevent JSON hijacking if you have untrusted scripts running on your domain. However, I don't think using POST is strictly necessary unless the outermost JSON type is an array. In your example it is an object.