I'm working on a small Restful API, which will show users current weather conditions in their location in the header of the page. There will be a GET query sent to the server via Ajax to a link similar to this:
https://test.com/weather/{required location}
Test.com represents my link which further queries either the database or external APIs. It responds with JSON and they will see the weather for their location. The problem that I have is if that link is accessed directly, it just prints the output, so potentially it could get farmed.
The question I have is how can I implement some sort of logic where if the the page is accessed via ajax from test.com, the output is JSON as needed. Any other ways to access that link will display a blank or custom page with JSON hidden?
Also, as I am new to API and Ajax work, are there any other security means I need to be aware of?
I'm using jQuery, php and mysql.
Thanks