API interface Verification How to be a great God to teach you a bit

Want to make an API interface

Reply content:

Want to make an API interface

Very simple, write a class or method can be accessed through the browser, and then output to return the corresponding data, is generally the json format

There are two scenarios for API validation, one for client requests and another for requests from other services.

The simplest of client requests is to control cross-domain access, mostly set Access-Control-Allow-Origin .

Service-side verification at present the main idea is to give access to the services of a secret, require the other party according to a certain rules to generate tokens, access with tokens, local authentication.

The rules for generating tokens are designed according to the actual situation, which is generally a variety of encryption and coding.

You can verify with token. The process is as follows
1. The client uses the account password to log in, successfully generates a random string, writes to the database, and returns it to the client.
2. Client uses token to request a protected resource
3. The server uses token to find the database, if valid, continues the request, otherwise, returns 401.

The client and the service side hold the same public key key, the same set of algorithms, calculate the sign signature, this signature every time the API calls the dynamic calculation and carry this, the server before executing the interface, get the parameters of the client also take the public key to calculate the signature, each comparison signed on the line.

