Verification for API - Detect GET source?

[SapAuthor]

Hey everyone,

I'm developing a calendar program for the company I work for. I am working right now on the API code for it, that will spit out either the XML, or stled XML of the calendar.

Some "events" are for non-public viewing, so i need to specify some sort of password or passcode in the API request. Is there any way to do this and keep it hidden?

What i'm mainly thinking is if there is some way that the API code can detect where the request came from (for instance, if the API request is coming from our dealer extranet, then it will be able to display the private information, vs if it is just a normal API request or from a source that doest not have permission, it won't show private information). Are there any tags or similar things that give the url of the ASP script that is posting a GET to the API, that the API can check and validate? Or other ideas?

Thanks a bunch.

[SouthwaterDave]

How is your API implemented? As a web page or a web service, or something else altogether?

A web page or a web service could check the request's server variables to determine where the request came from. For instance, Request.ServerVariables("REMOTE_ADDR") returns the IP address of the remote client making the request.