Secure API calls with AJAX and PHP to 3rd party API

Question

I want to make GET, POST & PUT calls to a 3rd party API and display the response on the client side via AJAX. The API calls require a token, but I need to keep that toke

Answer 1

As people pointed out, you want a proxy method on your server to hide the API-key.

To avoid misuse of your method on the server, protect the call with an one time token (like you usually use for forms) - generated from your server (not in javascript..).

I am not a fan of the coded pasted above which checks for known http-user agents... or site tokens ... this is not secure.