Third-party websites will be hosting my flash files. Within the files is an API function that updates specific user data on my server. I'd like to lock this down as much as possible. Obviously having the third-party site pass a secret key within the flash doesn't create any real security.
The next thing I was thinking was having the site pull the key from their database and pass it as a variable, although anyone can replicate that call.