Home >Backend Development >PHP Tutorial >PHP development api interface
Recommended: "PHP Video Tutorial"
php’s api interface
In actual work, it is common to use PHP to write api interfaces. After writing the interface in PHP, the front desk can obtain the interface through a link. The data provided, and the data returned are generally divided into two situations, xml and json. In this process, the server does not know the source of the request. It may be that someone else illegally calls our interface to obtain the data, so it Use security verification.
Verification principle
Schematic diagram
##PrincipleFrom the picture you can It is clear that if the front desk wants to call the interface, it needs to use several parameters to generate a signature.
Algorithm rulesIn front-end and back-end interactions, algorithm rules are very important. Both front-end and back-end must calculate signatures through algorithm rules. As for how to formulate the rules, it depends on how happy you are. How come.
Front deskI don’t have an actual front desk here. I directly use a PHP file instead of the front desk, and then simulate a GET request through CURL. I am using the TP framework and the URL format is pathinfo format.
Source code
<?php /** * Created by PhpStorm. * User: Administrator * Date: 2020/3/16 0016 * Time: 15:56 */ namespace Client\Controller; use Think\Controller; class ClientController extends Controller{ const TOKEN = 'API'; //模拟前台请求服务器api接口 public function getDataFromServer(){ //时间戳 $timeStamp = time(); //随机数 $randomStr = $this -> createNonceStr(); //生成签名 $signature = $this -> arithmetic($timeStamp,$randomStr); //url地址 $url = "http://www.apitest.com/Server/Server/respond/t/{$timeStamp}/r/{$randomStr}/s/{$signature}"; $result = $this -> httpGet($url); dump($result); } //curl模拟get请求。 private function httpGet($url){ $curl = curl_init(); //需要请求的是哪个地址 curl_setopt($curl,CURLOPT_URL,$url); //表示把请求的数据已文件流的方式输出到变量中 curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); $result = curl_exec($curl); curl_close($curl); return $result; } //随机生成字符串 private function createNonceStr($length = 8) { $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $str = ""; for ($i = 0; $i < $length; $i++) { $str .= substr($chars, mt_rand(0, strlen($chars) - 1), 1); } return "z".$str; } /** * @param $timeStamp 时间戳 * @param $randomStr 随机字符串 * @return string 返回签名 */ private function arithmetic($timeStamp,$randomStr){ $arr['timeStamp'] = $timeStamp; $arr['randomStr'] = $randomStr; $arr['token'] = self::TOKEN; //按照首字母大小写顺序排序 sort($arr,SORT_STRING); //拼接成字符串 $str = implode($arr); //进行加密 $signature = sha1($str); $signature = md5($signature); //转换成大写 $signature = strtoupper($signature); return $signature; } }
Server side
Source Code
<?php /** * Created by PhpStorm. * User: Administrator * Date: 2020/3/16 0016 * Time: 16:01 */ namespace Server\Controller; use Think\Controller; class ServerController extends Controller{ const TOKEN = 'API'; //响应前台的请求 public function respond(){ //验证身份 $timeStamp = $_GET['t']; $randomStr = $_GET['r']; $signature = $_GET['s']; $str = $this -> arithmetic($timeStamp,$randomStr); if($str != $signature){ echo "-1"; exit; } //模拟数据 $arr['name'] = 'api'; $arr['age'] = 15; $arr['address'] = 'zz'; $arr['ip'] = "192.168.0.1"; echo json_encode($arr); } /** * @param $timeStamp 时间戳 * @param $randomStr 随机字符串 * @return string 返回签名 */ public function arithmetic($timeStamp,$randomStr){ $arr['timeStamp'] = $timeStamp; $arr['randomStr'] = $randomStr; $arr['token'] = self::TOKEN; //按照首字母大小写顺序排序 sort($arr,SORT_STRING); //拼接成字符串 $str = implode($arr); //进行加密 $signature = sha1($str); $signature = md5($signature); //转换成大写 $signature = strtoupper($signature); return $signature; } }
Result
string(57) "{"name":"api","age":15,"address":"zz","ip":"192.168.0.1"}"
SummaryThis method is just one of them, in fact there are many methods All can be safely verified.
The above is the detailed content of PHP development api interface. For more information, please follow other related articles on the PHP Chinese website!