Accepting get/post requests only from localhost
in the constructor you could use
if ($_SERVER['SERVER_ADDR'] != $_SERVER['REMOTE_ADDR']){ $this->output->set_status_header(400, 'No Remote Access Allowed'); exit; //just for good measure}
However if this method isnt what you're looking for.. use .htaccess
you can perform a quick google search to return a specific example for denying get/post to all and then allow for 127.0.0.1/localhost.
Using .htaccess is probably the best way, allow only from your local address and 127.0.0.1.I found this example at petergasser.com and changed it only slightly:
AuthName "bla" AuthType Basic <Limit GET POST> order deny,allow deny from all allow from 127.0.0.1allow from <your-ip-here></Limit>
Use a key (think of API keys) to send along the request to your server. Then on your server you check that key and if it's the right one you return data.