ZF2 - Check referer in API call
I want to write an internal REST API which returns some JSON data. How can I protect that API call so that it can only be called from the same domain? Should I do it with a dispatch listener?
You could indeed create a guard (an event listener). You can have a look at BjyAuthorize to see how it's implemented there: https://github.com/bjyoungblood/BjyAuthorize/blob/master/src/BjyAuthorize/Guard/Controller.php
Other than that, I'm not sure but how about trying server things? Like Same Origin Policy or CORS headers?
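
The dispatch-listener guard discussed above, as an added example that is not part of the original posts and is not BjyAuthorize's code. The `Api` module namespace, the `api` route-name prefix and the `app.example.com` host are assumptions. Origin and Referer are only reliable when sent by a browser, so the check stops cross-site browser calls and does not authenticate other clients.

```php
<?php
// Added example: hypothetical Module.php for an "Api" module (all names are assumptions).
namespace Api;

use Zend\Http\PhpEnvironment\Request as HttpRequest;
use Zend\Mvc\MvcEvent;

class Module
{
    // Placeholder allowlist; compare against configured hosts, not the
    // request's own Host header, which is client-supplied as well.
    private $allowedHosts = array('app.example.com');

    public function onBootstrap(MvcEvent $e)
    {
        // Priority 1000 runs before the framework's own dispatch listener (priority 1).
        $e->getApplication()->getEventManager()
          ->attach(MvcEvent::EVENT_DISPATCH, array($this, 'guardSameOrigin'), 1000);
    }

    public function guardSameOrigin(MvcEvent $e)
    {
        $request = $e->getRequest();
        if (!$request instanceof HttpRequest) {
            return; // console request: no HTTP headers to check
        }
        // Assumption: the API routes are named "api" or "api/...".
        $match = $e->getRouteMatch();
        if (!$match || strpos($match->getMatchedRouteName(), 'api') !== 0) {
            return;
        }
        // Prefer Origin; fall back to Referer, which browsers may omit or trim.
        $source = $request->getServer('HTTP_ORIGIN') ?: $request->getServer('HTTP_REFERER');
        $host   = $source ? parse_url($source, PHP_URL_HOST) : null;

        // Exact, case-insensitive host match. A substring test would also
        // accept hosts such as app.example.com.attacker.test.
        if (is_string($host) && in_array(strtolower($host), $this->allowedHosts, true)) {
            return;
        }
        // Missing or foreign origin: fail closed with 403.
        $response = $e->getResponse();
        $response->setStatusCode(403);
        $response->setContent(json_encode(array('error' => 'forbidden')));
        return $response; // returning a Response short-circuits the dispatch event
    }
}
```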