Use Crumbs!

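Include a user-specific crumb in the request data: a value derived from a server-side secret, which a third-party site cannot guess, so the server can reject any request that arrives without it.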

Generating the crumb
<?php
// Derive the per-user crumb that the page embeds in its form as a hidden field.
// Both inputs are hard-coded demo values here; the crumb only has value if
// $secret stays on the server and cannot be guessed by another site.
// NOTE(review): in a deployment $user would presumably come from the
// authenticated session and $secret from server-side configuration — confirm.
// NOTE(review): a keyed construction such as hash_hmac() with a SHA-2 digest is
// the usual choice over hashing a plain concatenation. api.php recomputes this
// exact sha1($user.$secret) value, so generator and validator must change together.
$secret = 'foo';
$user = 'rasmus';
$crumb = sha1("{$user}{$secret}");
?>
<script>
/**
 * Send the named form to api.php as an asynchronous POST.
 *
 * The form's fields, including the hidden crumb input, travel in the POST
 * body because setForm() registers the form with the connection manager
 * before the request is issued.
 *
 * `callback` is not defined in this snippet; it must be supplied elsewhere
 * on the page.
 *
 * @param {string} formName name of the form to submit
 */
function sndReq(formName) {
  var connect = YAHOO.util.Connect;
  connect.setForm(formName);
  connect.asyncRequest('POST', 'api.php', callback);
}
</script>  
<!-- The crumb travels as a hidden field and is sent by sndReq() in a POST body.
     The form sets no method attribute, so if the script fails before
     "return false" a native submit defaults to GET and the crumb lands in the
     URL. The echoed value is a sha1 hex digest, so it contains no characters
     that need HTML escaping. -->
<form name="myform" onsubmit="sndReq('myform'); return false;">
  <input type="hidden" name="crumb" value="<?php echo $crumb?>"/>
  <input type="text" name="foo"/>
</form>
Validating the crumb - api.php
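<?php
// Validate the anti-XSRF crumb before any state-changing work is done.
// The expected value is recomputed from the same inputs the page used to
// generate it (hard-coded demo values here), so nothing is stored per request.
$user = 'rasmus';
$secret = 'foo';
$expected = sha1($user.$secret);

// A missing field or a non-string value (for example an array parameter) is
// rejected outright instead of being passed to the comparison.
$supplied = isset($_POST['crumb']) ? $_POST['crumb'] : null;

// hash_equals() (PHP >= 5.6) compares the two strings exactly and in constant
// time. The loose != operator it replaces applies PHP's type juggling, which
// can treat two different numeric-looking strings as equal, and its running
// time depends on where the strings first differ.
if(!is_string($supplied) || !hash_equals($expected, $supplied)) {
  echo json_encode(array("error"=>"XSRF Detected"));
  exit;
}

// Perform Action

?>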