Widget to display in client's website
I have a widget that I made which needs to be posted into a customer's website. It's basically a form that a user will fill out, and we take the data, do some calculations on it and display the results. How can I go about doing this while protecting the code from being run on another domain that is not paying for this service?
You can create a sort of Service-Key (API-Key) that you contract to your customer. The customer needs to put a small PHP script onto his server processing your widget's input. That script establishes an authentication against your service which opens a service session (session-key).
The session-key can be used publicly then for the one widget request.
The ongoing processing on your server can then be handled within this session. Your server will deny processing if no such session exists.
Sites that did not pay for the service have no Service-Key, so they cannot instantiate a session. The Service-Key is a shared secret between your service and the customer.
With this method you can also track which customer the request belongs to. It's safe from checking HTTP referrers, which is a broken concept anyway.
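A minimal sketch of the service side of this scheme, added here as an illustration and not part of the original answer: the customer's server-side script calls `open_session` with the Service-Key, and the browser only ever receives the resulting single-use session-key. The class and method names, the 300-second lifetime and the placeholder calculation are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 300  # seconds a session-key stays valid (assumed value)


def _digest(service_key):
    # Service-Keys are long random tokens, so a plain SHA-256 digest is
    # enough to avoid storing them in clear text on the service.
    return hashlib.sha256(service_key.encode()).hexdigest()


class WidgetService:
    def __init__(self):
        self._key_digests = {}  # customer_id -> digest of the Service-Key
        self._sessions = {}     # session_key -> (customer_id, expires_at)

    def register_customer(self, customer_id):
        """Issue the shared secret handed to a paying customer."""
        service_key = secrets.token_urlsafe(32)
        self._key_digests[customer_id] = _digest(service_key)
        return service_key

    def open_session(self, customer_id, service_key, now=None):
        """Server-to-server call made by the customer's script."""
        now = time.time() if now is None else now
        expected = self._key_digests.get(customer_id, "")
        # Constant-time comparison; unknown customers fail the same way.
        if not hmac.compare_digest(expected, _digest(service_key)):
            return None
        session_key = secrets.token_urlsafe(32)
        self._sessions[session_key] = (customer_id, now + SESSION_TTL)
        return session_key

    def process(self, session_key, form_data, now=None):
        """Widget request from the browser; denied without a live session."""
        now = time.time() if now is None else now
        # pop() makes the session-key single use, so a replay is rejected.
        entry = self._sessions.pop(session_key, None)
        if entry is None or entry[1] < now:
            return None
        customer_id, _ = entry
        # Placeholder calculation standing in for the real widget logic.
        return {"customer": customer_id, "result": sum(form_data.values())}
```

Because each session is tied to a customer id, every processed request can be attributed to the customer whose Service-Key opened it.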
The simplest solution would be to check the request IP or HTTP referrer - if it's on the whitelist, you show the results. Mind that HTTP headers can be faked and it's not 100% safe to rely on them.
Much safer is to adapt a cross-site request forgery solution - http://en.wikipedia.org/wiki/Cross-site_request_forgery. There are plenty of articles on the net; you can start from "CSRF (Cross-site request forgery) attack example and prevention in PHP".