I'm currently working on a website A that is using one of my apis on a website B.
The website A ask the website B some informations and I was thinking that if someone use a fake dns (or put the website B URL in his hosts file), it'll be impossible for my javascript code to get these informations.
Here's my question: is it possible to prevent it or not?
There are multiple ways to prevent that, but not fully.
First, you could perform a DNS lookup with JavaScript as described here.
As another option, you could just use the IP of your target server. But this isn't an ideal solution for production environments.
The third way that comes to mind is a proxy of your API via website A.
While all three of them are not very secure, keep in mind, that a potential user could also modify the client-side JavaScript code.