I am currently working on a project involving the development of a live chat widget meant to be embedded into our partners' websites. To facilitate this, we have an API in place, and I am seeking guidance on the best approach (architecture) to provide these widgets to our customers while ensuring the API remains secure from unauthorized access.
It's important for our chat widget to be accessible to anonymous users. In order to implement security measures, I have the capability to request specific information from our customers, such as hostname and IP addresses. Additionally, I can furnish them with a security token.
I would greatly appreciate it if you could share any best practices or direct me towards articles that cover strategies for preventing unauthorized calls to our API.