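java - In an e-commerce project, how should the interfaces provided by each system handle security, and how can you prevent someone from maliciously simulating HttpClient requests to obtain user data?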

高洛峰 2889 days ago 762

  • 伊谢尔伦 2017-04-18 09:26:18

    The issued certificate cannot be permanently valid or authenticated with high-end public and private keys. Only the requester and the server have the same set of encryption and decoding mechanisms.

    You’re not going to tell me that the API outputs data without any authentication, right?

    reply
    0
  • ringa_lee 2017-04-18 09:26:18

    Differentiate through certificates or encryption and decryption

    reply
    0
  • PHP中文网 2017-04-18 09:26:18

    1. The interface uses HTTPS, which is resistant to packet capture.
    2. The interface calls the token+sign mechanism. The calling end and the interface end respectively use the same set of algorithms to calculate the sign signature. The token is the public key.

    reply
    0
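
The token+sign mechanism from the answer above, sketched as an added example (not code from the thread). It assumes HMAC-SHA256 over a canonical request string, a per-caller secret shared out of band, and `timestamp` and `nonce` parameters for replay protection; the class name, parameter names, path and sample values are hypothetical, and `HexFormat` needs Java 17.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class SignedRequestVerifier {
    // Constructed demo data: token (public caller id) -> secret shared out of band, never sent.
    static final Map<String, String> SECRETS = Map.of("app-1001", "constructed-demo-secret");
    static final Set<String> SEEN_NONCES = ConcurrentHashMap.newKeySet(); // TTL cache in production
    static final long MAX_SKEW_SECONDS = 300;

    // Both ends sign the same bytes: method, path, then every parameter sorted by name.
    static String sign(String secret, String method, String path, Map<String, String> params) throws Exception {
        StringBuilder sb = new StringBuilder(method).append('\n').append(path);
        new TreeMap<>(params).forEach((k, v) -> sb.append('\n').append(k).append('=').append(v));
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return HexFormat.of().formatHex(mac.doFinal(sb.toString().getBytes(StandardCharsets.UTF_8)));
    }

    // params = all request parameters except the signature (token, timestamp, nonce, business fields).
    static boolean verify(String method, String path, Map<String, String> params, String signHex, long nowSec) throws Exception {
        String token = params.get("token"), nonce = params.get("nonce"), ts = params.get("timestamp");
        if (token == null || nonce == null || ts == null || signHex == null) return false;
        String secret = SECRETS.get(token);
        if (secret == null || !ts.matches("\\d{1,12}")) return false;   // unknown caller or malformed timestamp
        if (Math.abs(nowSec - Long.parseLong(ts)) > MAX_SKEW_SECONDS) return false; // outside the freshness window
        byte[] expected = sign(secret, method, path, params).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, signHex.getBytes(StandardCharsets.UTF_8))) return false; // constant-time
        return SEEN_NONCES.add(token + ":" + nonce);                    // false when the nonce was already used
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis() / 1000;
        Map<String, String> p = new HashMap<>(Map.of("token", "app-1001", "timestamp", String.valueOf(now),
                "nonce", UUID.randomUUID().toString(), "orderId", "42"));
        String sig = sign("constructed-demo-secret", "GET", "/api/order", p); // client side
        System.out.println("valid:    " + verify("GET", "/api/order", p, sig, now));
        System.out.println("replayed: " + verify("GET", "/api/order", p, sig, now));
        p.put("orderId", "43");                                               // parameter changed after signing
        System.out.println("tampered: " + verify("GET", "/api/order", p, sig, now));
        p.put("orderId", "42");
        System.out.println("stale:    " + verify("GET", "/api/order", p, sig, now + 3600));
    }
}
```

The nonce is recorded only after the signature checks out, so unauthenticated requests cannot fill the replay cache. Parameter names and values are assumed not to contain newlines; encode them before signing if they can.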
  • 阿神 2017-04-18 09:26:18

    It is recommended to take a look at WeChat’s API and Alipay’s API design plan; you will be inspired.

    reply
    0
  • 阿神 2017-04-18 09:26:18

    https://jwt.io/

    jwt

    reply
    0