Web services API Keys and Ajax - Securing the Key

Question

This is probably a generic security question, but I thought I\'d ask in the realm of what I\'m developing.

The scenario is: A web service (WCF Web Api) that uses an

Answer 1

How about using jQuery to call server side code that handles communication with the API. If you are using MVC you can call a controller action that can contain the code and API key to hit your service and return a partial view (or even JSON) to your UX. If you are using web forms you could create an aspx page that will do the API communication in the code behind and then write content to the response stream for your UX to consume. Then your UX code can just contain some $.post() or $.load() calls to your server side code and both your API key and endpoint would be protected.