I'm about to develop widget that will consume a web service built on top of existing functionality and it's requires that that web service should be aware of where the request is coming from.For example a consumer in the registration can provide information about it's blog or it's website that will be using the widget.
Now i need to identify where the request is coming from (www.mysite.com or www.otherside.com),to know whether or not it's authorised or not and whether to process the request or not.
I must admit i don't know where to start from or from where to do researches.
If someone can shed some light on it i'll be more than glad. I'll be using java.thanks
The usual thing is to provide each site an authentication token that they pass back to you when making requests. To avoid having the token intercepted and misused, you'd only provide the web service via HTTPS (not just HTTP). This is (for example) how Amazon does it with their various web services.
That information can be added to the web service request in the optional header element
<SOAP-ENV:Header> // add your auth element here </SOAP-ENV:Header>
or you can add an element containing that information to the body of the request.
<SOAP-ENV:Body> // add your auth element here </SOAP-ENV:Body>
You can then check the authorization elements to see if caller is authorized to use the service or not.