You can not. The signature is intended to verify execution, which means that it is on the server side. But you want to verify the signature on the http / rest request on the client side. The client side does not have such a check.
You can add something to the answer itself and check it on the client side, but, again, nothing prevents the other server from sending the same value and therefore pretends to be your server.
You can also add some behavior characteristics to your jar (for example, session cookies), but, again, nothing prevents other banning machines from emulating it too.
Alex
source share