How does google verify you when using their API's
Posted on 2007-11-26
I'm putting together a piece of software where I need to have a model similar to how google does things on some of their higher end level API's.
for example, if you were to sign up for Google maps services for enterprise, you would be asked for your exact URL where you're going to be making your calls to the API from and you'll be giving a key to get that api. Now obviously google has a way of knowing exactly where the request to their API came from because if it's not coming from the URL you sign up with, it will reject your request.
I'm interested in developing a similar model for my software, but as I thinking about security issues I find trouble understanding how Google does this. I mean, wouldn't a professional hacker be able to trick an API into thinking that he's coming from a different URL/IP address than his real address (IP emulation)
I'd appreciate your thoughts on this.