Home >Backend Development >PHP Tutorial >How to do api interface verification? Can anyone give me some advice?

How to do api interface verification? Can anyone give me some advice?

WBOY
WBOYOriginal
2016-08-20 09:04:06973browse

I want to make an API interface

Reply content:

I want to make an API interface

It’s very simple, just write a class or method that can be accessed through the browser, and then output and return the corresponding data, usually in jsonformat

Api verification needs to consider two situations, one is the request from the client, and the other is the request from other services.

The simplest thing for client requests is to control cross-domain access, mainly by setting Access-Control-Allow-Origin.

The current mainstream idea of ​​server-side verification is to give the service that is allowed access a secret, require the other party to generate a token according to certain rules, bring the token when accessing, and verify it locally.

The specific rules for generating tokens are designed based on the actual situation, generally including various encryption and encoding.

Just use token to verify. The process is as follows
1. The client first requests login with the account and password. A random string is generated after successful login, written into the database, and returned to the client.
2. The client uses the token to request protected resources
3. The server uses the token to search the database. If it is valid, continue the request, otherwise, return 401.

The client and the server respectively hold the same public key and the same set of algorithms to calculate the sign signature. This signature is dynamically calculated and carried every time the API is called. The server obtains the signature from the client before executing the interface. The public key is also used to calculate the signature for the terminal parameters, and the signatures are compared each time.

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn