Thread:Project:Support desk/Disable API access for external sites?/reply

Not inside MediaWiki, but you can create rules in your webserver.

The access to the api has the following characteristics:


 * Access from the clients (users) of your wiki, for example to add a page to the watchlist
 * Those HTTP requests should have a " " (sic) header from the page originating the request.
 * Access from external sources
 * Those HTTP request won't have a " " header, or they'll contain a different server. But note that they could fake a Referer header!

This is a bit weak, but may be useful to you.