Intended Usage
Essential information about intended usage
The movieXchange APIs are trusted by exhibitor’s systems to perform sensitive operations. Due to this trust relationship with exhibitors, the MX APIs must only be accessed from behind a secure layer of an application, not exposed as part of an insecure, consumer-facing environment, such as via JavaScript in a web page.
To clarify, calling the MX APIs from behind your own web-services layer is fine, whereas directly calling them from within any webpage or client application is not, as this would publicly expose security tokens and API patterns. Calls from client devices or applications should never be made directly to the MX APIs. Instead, they should be routed via a secured layer that doesn’t require the public exposure of the API's methods or security tokens.
Updated over 4 years ago