Question

I have a PHP file serving images. It asks for an "api key" (to limit access) and a string. Then it generates a PNG image and returns it.

To access the image:

<img src="http://www.myserver.com/mypage.php?api=APIKEY&text=some-text-here" alt=""/>

This image will be called from a third party's website.

I need to know if the website related to the api key is the same as the one asking for the image.

I can grab the referrer but I know sometimes it can be empty.

How can I verify this information? Is there any better way of doing this?

Thanks for your help.


Solution

Unfortunately, the Referer header is the only thing you can use for this. Yes, it can be unreliable, and is definitely easily spoofed. But, it will provide some protection for you.
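One way to apply the Referer check the answer describes, as an added example that is not part of the original post. The `KEY_HOSTS` table, the `check_referer` function and the allow-but-log policy for a missing header are assumptions made for illustration.

```php
<?php
// Hypothetical registry: API key => host that key was issued to (constructed sample entry).
const KEY_HOSTS = [
    'APIKEY' => 'www.example.com',
];

/**
 * Compare the Referer host with the host registered for the API key.
 * Returns 'unknown-key', 'missing', 'mismatch' or 'match'.
 */
function check_referer(string $apiKey, ?string $referer): string
{
    if (!array_key_exists($apiKey, KEY_HOSTS)) {
        return 'unknown-key';
    }
    if ($referer === null || $referer === '') {
        // Browsers omit the header under some referrer policies, and
        // when an HTTPS page loads a plain-HTTP image like the one above.
        return 'missing';
    }
    // parse_url() returns null or false when no host can be extracted.
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host)) {
        return 'mismatch';
    }
    // Exact host comparison: substring or prefix matching would accept
    // look-alike hosts such as www.example.com.other.test.
    return strcasecmp($host, KEY_HOSTS[$apiKey]) === 0 ? 'match' : 'mismatch';
}

// Reject array-valued parameters (?api[]=x) before the typed call.
$apiKey = $_GET['api'] ?? '';
if (!is_string($apiKey)) {
    $apiKey = '';
}

$result = check_referer($apiKey, $_SERVER['HTTP_REFERER'] ?? null);
if ($result === 'unknown-key' || $result === 'mismatch') {
    http_response_code(403);
    exit;
}
if ($result === 'missing') {
    // Assumed policy: serve the image but record it, so per-key
    // volumes of header-less requests can be reviewed later.
    error_log('image request without Referer for key ' . $apiKey);
}
// ... generate and output the PNG here ...
```

Because the client controls the header, a `match` result only filters ordinary browser embedding; it does not authenticate the calling site.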

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow