Domain based security for widgets

The web sites will be register and get an API key to use widgets. For example; Site A is registered as sitea.com for widget. But the main problem is, the widget can not be accessable from siteb.com with API key of si开发者_JAVA技巧tea.com. Are there any way to implement this?

The API keys for Google Maps are similar. There, you specify a key and it is checked every time against your domain. However, it is hard to get this secure. With Google Maps you can simply change the Javascript so that it does not check the API key anymore.