Description of Project and Question
Brief Description of Project
Currently, I am working on a web app that allows Zillow API subscribers to make requests to the Zillow API on my website and to be able to download the property data in csv format. My web application requires users to independently register with Zillow to receive their API key (ZWSID), which is required for every API call and Zillow limits subscribers to 1,000 requests each day. Therefore, my web application makes API requests on behalf of the user and formats the data for the user to download (it is not in violation of Zillow API terms and conditions).
Question
The problem I am facing is that each request made to the Zillow API will most likely include my URL as the Origin of the request (and possibly the user agent or HTTP Host). I am concerned that this will be flagged and that Zillow will block all requests from my website, even though they are made on behalf of my users. Is there a way to associate the API request with the person using my website and remove my website as the origin? In other words, is there any way that I can prevent my website from being included in the header of the request? Please see below for details.
API Request and Zillow API Background
My Project Technologies
Because API requests are made on behalf of users, the requests to the Zillow API are done on the front end (using Ajax). In order to overcome a cross origin request error when using Ajax, I had to import the './jquery-cross.js' file.
The function I have to make a request to the Zillow API is as follows:
import $ from 'jquery'
import './jquery-cross.js'
const getReqWithSuccess = function(street, city, state) {
return $.ajax({
crossOrigin: true,
url: `http://www.zillow.com/webservice/GetSearchResults.htm?zws-id=X1-ZWz18mqy7m1ibv_ahuyo&address=${street}&citystatezip=${city}%2C+${state}&rentzestimate=true`,
dataType: 'xml',
method: 'GET'
});
};
jquery-cross.js:
import jQuery from 'jquery'
var proxyJsonp = "https://script.google.com/macros/s/AKfycbwmqG55tt2d2FcT_WQ3WjCSKmtyFpkOcdprSITn45-4UgVJnzp9/exec";
jQuery.ajaxOrig = jQuery.ajax;
jQuery.ajax = function(a, b) {
function d(a) {
a = encodeURI(a).replace(/&/g, "%26");
return proxyJsonp + "?url=" + a + "&callback=?"
}
var c = "object" === typeof a ? a : b || {};
c.url = c.url || ("string" === typeof a ? a : "");
var c = jQuery.ajaxSetup({}, c),
e = function(a, c) {
var b = document.createElement("a");
b.href = a;
return c.crossOrigin && "http" == a.substr(0, 4).toLowerCase() && "localhost" != b.hostname && "127.0.0.1" != b.hostname && b.hostname != window.location.hostname
}(c.url, c);
c.proxy && 0 < c.proxy.length && (proxyJsonp = c.proxy, "object" === typeof a ?
a.crossDomain = !0 : "object" === typeof b && (b.crossDomain = !0));
e && ("object" === typeof a ? a.url && (a.url = d(a.url), a.charset && (a.url += "&charset=" + a.charset), a.dataType = "json") : "string" === typeof a && "object" === typeof b && (a = d(a), b.charset && (a += "&charset=" + b.charset), b.dataType = "json"));
return jQuery.ajaxOrig.apply(this, arguments)
};
jQuery.ajax.prototype = new jQuery.ajaxOrig;
jQuery.ajax.prototype.constructor = jQuery.ajax;
Zillow API Information
API Call
I have limited knowledge of PHP, but it appears that requests follow this format. An example of an API call (on the zillow api website) is as follows (where ZWSID is the Zillow Subscriber Key):
http://www.zillow.com/webservice/GetSearchResults.htm?zws-id=<ZWSID>&address=2114+Bigelow+Ave&citystatezip=Seattle%2C+WA
API Response
The output is returned in XML:
<SearchResults:searchresults xsi:schemaLocation="http://www.zillow.com/static/xsd/SearchResults.xsd /vstatic/ae1bf8a790b67ef2e902d2bc04046f02/static/xsd/SearchResults.xsd">
...
</SearchResults:searchresults>
I am open to any ideas or workaround to remove the website as being associated with API request. Thanks for your help.
