Restrict my api not to be used by un-authorised websites

Question

I'M beginner to REST API creation. I have created a REST API (provides JSON output) which I give access to multiple users(each has their API key).

I want each user can only use the API on a specific website, not for other websites.

Example:

User-A (with unique API key) took my API for "example1.com".

User-B (with unique API key) took my API for "example2.com".

so my API should run on these 2 sites, they can not run it in "example3.com".

How can I restrict them?

Answer 1

For what u want to accomplish take a look at CORS (Cross Origin Resource Sharing) Here another post on it

Basically in server side (PHP)

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers');

In Your case u can do something like:

$http_origin = $_SERVER['HTTP_ORIGIN'];
if ($http_origin == "http://www.domain1.com" || $http_origin == "http://www.domain2.com" || $http_origin == "http://www.domain3.info")
{  
   header("Access-Control-Allow-Origin: $http_origin");
}

For more resources take a look at this post

DISCLAIMER FROM CODE PART: https://stackoverflow.com/a/7454204/1027877