How to prevent outsiders from calling the API

How to prevent outsiders from invoking the API?
Brother, ask a question.
If the site's operations are implemented through an API
Like what
PHP has a control page, www.control.php?action=1$addlist= "ADFS" .....
Of course the Post method, for example.

From home Ajax call post to this page

How to prevent others from submitting pages to my API via the tool, only allow my mobile app to submit?

Thank you, the gods, for their advice.

Share to:

------Solution--------------------
Www.control.php?action=1&addlist= "ADFS"
The URL above is an example:
The first two functions are written to encrypt and decrypt, so that the new URL becomes
Cryptographic function: Used to encrypt the specified content, the contents of which he has encrypted can be reversed with the decryption function

Www.control.php?action=1&addlist= "ADFS" &key= Cryptographic functions ("ADFS")

Server-side:
Get the value of addlist and key, and then use the decryption function to solve it, and use this result to compare with addlist.
------Solution--------------------
Reference:

Quote: Reference:

Quote: References:

Our team's practice is that each mobile phone login app will have a session_id, referred to as SID, through this to determine whether it is illegal to call

Thank you, like this session ID is not to be stored in the database to verify it?
I really don't understand the token, I don't know how it's going to come true.

That is, our app calls our web side of the interface, send up the SID value, the Web again through the server-side C + + to verify the SID (Sid should be in the app when the log is saved in memory), if the equality is OK, not equal to the words are illegal call.

Why not continue to use PHP, to call C + + to verify it? Little White Doubt

