Use crumbs to protect your Ajax calls from Cross-site request forgery (CSRF/XSRF)

Have your API calls ever been used directly by someone without your permission? If yes, read on to find out how we can protect our APIs from such spammers and hackers. Before we go ahead and see a possible solution for this, let's try to list a few cases in which our APIs can be accessed without our permission.

Common cases of vulnerable API/Ajax calls

Ajax calls having no user authentication: This is the first place where a spammer will try to find a loophole. Take this example: suppose I created a group chat plugin for my blog....