Can I use the API from Client Script (JavaScript, jQuery etc)?


Unfortunately, we do not provide client-side access to our API for reasons of security.


Because it is necessary to provide a license key with calls to our API, the API key cannot be secured to be private on client installations meaning that the key can be easily viewed publically and easily with simple 'View Source' features of Internet Browsers.



I've previously used a provider that offers License Key free installations for client-side API access


A.It is possible to offer API access that foregoes a license key and is instead secured against your domain. This method of license key authentication is sometimes called a "Domain Access Control List (ACL)".


Unfortunately, Domain ACLs are also a security risk because the domain can easily be spoofed using custom DNS to spoof the domain and/or falsifying HTTP request headers to impersonate the domain.


Some providers supplement security for domain ACLs using an IP based ACL. However, maintaining a set of whitelist ACLs for the domain and IPs quickly become difficult to manage for both the customer and the provider.