How to prevent spamming to my api server?


I have been thinking of a way to make a secured request from a client to server (not in terms of implementing an SSL) but a way so that I can prevent spamming.

Allow me to explain what exactly I am looking for.

I have clients that make an HTTP request over REST to talk to my server and access its APIs. Now I have provided separate unique API keys to all customers which they use to authenticate themselves as the user. They use this API key as one of the parameter and make a POST / GET request to my server.

Now the problem is anyone who sees the API key can make spam request to my server acting as my customer.

Is there any way to prevent this? Like a private and public key concept? If yes, can someone link me to any ready made algorithm written in PHP which I can use and easily implement in my web app?

Many thanks in advance.

Why not use SSL? That’s definitely the easiest way to do this sort of thing. It doesn’t have to be expensive either as SSL certificates start at ~10US$
Of course you’d have to have a dedicated IP, but generally those aren’t very expensive either.