How can I validate/secure/authenticate a JavaScript-based POST request?

Question

A product I\'m helping to develop will basically work like this:

• A Web publisher creates a new page on their site that includes a

Answer 1

If you can add server-side code to the site pushing data to your site, you could use a MAC to at least prevent non-logged in users from sending anything.

If just anyone is allowed to use the page, then I can't think of a waterproof way of confirming the data without scraping the webpage. You can make sending arbitrary content somewhat more difficult with referer checks and whatnot, but not 100% impossible.