Web services API Keys and Ajax - Securing the Key

Question

This is probably a generic security question, but I thought I\'d ask in the realm of what I\'m developing.

The scenario is: A web service (WCF Web Api) that uses an

Answer 1

Generally in cases like this though you proxy requests through the server using 'AJAX' which verifies the browser making requests is authorized to do so. If you want to call the service directly from JavaScript, then you need some kind of token system like JSON Web Tokens (JWT) and you'll have to work out cross-domain issues if the service is located somewhere other than the current domain.