This is a great solution for existing APIs, but I want to mention that if you're designing a new API, you should opt for CORS instead of JSONP. This allows people to do straight-up XHR requests on your domain, with a whitelist of methods, headers, whatever.

http://www.w3.org/TR/cors/