The REST API for Mongolab is cool. I can use that for analytics in my website directly using the following javascript, provided on Mongolab's support page. Only if I can understand how the authentication actually works. The API key mentioned in the URL could be easily copied by anyone who'd view the html source. The Mongolab control panel does not offer any registration for my website that'd assure me that the api key will be validated only if coming from my domain. How does this authentication work?
$.ajax( { url: "https://api.mongolab.com/api/1/databases/my-db/collections/my-coll?apiKey=myAPIKey",
data: JSON.stringify( { "x" : 1 } ),
type: "POST",
contentType: "application/json" } );