How to Secure Backend (Admin) Ajax Requests

[shopapps]

Hi,

 

I would like to ajax some information into the backend interface for one of my modules.  I have the ajax bit working, but would now like to add a level of security to it, so that only a logged in admin person is accepted in the modules adminajax.php file.

 

Does anyone have any working example code to hand to point me in the right direction on how to do this?  I'm guessing i need some kind of "token" to add to the ajax variables which can then be checked at the receiving end, but unless i'm reading in the wrong documentation I cant find reference to the best practise to achieve this.

 

Many thanks in advance for any help. 

Edited February 10, 2014 by shopapps (see edit history)

[vekia]

check how the homeslider ajax works

 

there is a code like:
 

include_once('../../config/config.inc.php');
include_once('../../init.php');
include_once('homeslider.php');

$context = Context::getContext();
$home_slider = new HomeSlider();
$slides = array();

if (!Tools::isSubmit('secure_key') || Tools::getValue('secure_key') != $home_slider->secure_key || !Tools::getValue('action'))
	die(1);

[shopapps]

Great thanks for the pointer, will investigate tommorow.