I have been looking for a good answer on this question for a long time now, however I can't find any good solutions for my problem.
So, I want to create a jQuery widgets which can be implemented at a customers website. However, this widget has to initialize through an APIKey which I would like to be secret to not customers visiting the customers page.
Therefore, I thought about encryption which has to be present on the most major scripting languages such as PHP, Perl, etc. For example hash_hmac... Else, the APIKey could be extracted but the encrypted string can also be copied. Besides that, I have also been thinking about setting up a handshake, however for this handshake I would also need the APIKey to authorize the handshake...
It's an issue, due to the fact of the content the widget will be showing.
Therefore my question is: Do you guys have any good idea's or solutions for me so I can implement my widget on the customers site's securly, thus with a APIKey which is secure from visitors of the customers website?
Thanks in advance.
Have a look at this tutorial for sharing a widget that you create that will work on external customer sites... http://alexmarandon.com/articles/web_widget_jquery/
Each customer in your database should have a unique identifier. They also need to give you the domain name where the widget is deployed.
When your script/html template loads on the customers site (as per the tutorial above) you pass the customers domain and unique identifier to your site for validation. If valid (customer identifier is valid and domain name is a match to where the site originates) then you set a variable in your script to start the download of scripts and html templates to load your widget.
Many chat sites use this and I have use this technique. I use this same process for my personal sites...To view customer click data on remote sites. My script on their pages can launch an overlay to display a dashboard where I can interact with the html elements on the page and overlap my heatmap results pulled from a remote server. Hope this helps.