Securing an API for use with Javascript widget

Question

I\'m writing a javascript plugin which will be installed by bloggers/website owners. It will communicate with my remote API.

I\'m wondering how to secure the API to

Answer 1

You can insert window.location checks into your script to prevent other people from including it directly off of your servers.

However, it is impossible to prevent people from downloading the scripts locally, removing your protection, then hosting it themselves.

You can require an API key in all server-side requests, but enemies can easily steal API keys from legitimate sites.