How can we prevent outsiders from calling APIs?
Ask a Question
If all website operations are performed through an API,
for example,
PHP has a control page, www.control.php?action=1&addlist="adfs"...
Of course, it is the POST method, for example.
From the home page, AJAX calls POST to this page.
How can I prevent other people from submitting pages to my API through tools and only allow my mobile app to submit them?
Thank you for your advice.
------ Solution --------------------
www.control.php?action=1&addlist="adfs"
The preceding URL scheme is used as an example:
First, encrypt and decrypt the two data records. Then the new URL becomes
Encryption function: used to encrypt the specified content. The encrypted content can be decrypted using the decryption function.
www.control.php?action=1&addlist="adfs"&key=encryption function("adfs")
Server:
Obtain the values of addlist and key separately, then use the decryption function to decrypt the key, and compare the result with addlist.
------ Solution --------------------
Reference:
Quote: reference:
Quote: reference:
Our team's practice is that each mobile phone will have a session_id (sid for short) after logging on to the app. Through this, we can determine whether the call is illegal.
Thank you. Do session IDs like this need to be stored in the database for verification?
I really don't know about the token, but I don't know how to implement it.
Yes. After our app calls the interface on the web side, it uploads the sid value, and the web side then verifies this sid through the server's C++ (the sid should be stored in memory during app login). If the sid is equal, it is OK. Otherwise, it indicates that it is an illegal call.
Why don't I continue to use PHP and call C++ for verification?
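
The sid check described in the second solution, as an added example that is not part of the original thread: a sid is issued at login, kept server-side, and required on every call. `SessionStore`, `handleRequest`, the 30-minute lifetime and the in-memory array (standing in for a database or the C++ service) are assumptions, and PHP 8 is assumed.

```php
<?php
// Added example: server-side sid check for control.php-style requests.
// SessionStore is a hypothetical in-memory stand-in for shared storage
// (a database, or the C++ service mentioned in the thread).
final class SessionStore
{
    private array $sessions = [];   // sid => ['user' => ..., 'expires' => ...]

    public function __construct(private int $ttlSeconds = 1800) {}

    // Called once, after the app's login has succeeded.
    public function issue(string $userId, ?int $now = null): string
    {
        $sid = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
        $this->sessions[$sid] = ['user' => $userId, 'expires' => ($now ?? time()) + $this->ttlSeconds];
        return $sid;
    }

    // Returns the user id for a live sid, or null for an illegal call.
    public function verify(string $sid, ?int $now = null): ?string
    {
        if (!preg_match('/^[0-9a-f]{64}$/', $sid)) return null;   // malformed
        $entry = $this->sessions[$sid] ?? null;
        if ($entry === null) return null;                          // never issued
        if (($now ?? time()) >= $entry['expires']) {               // expired
            unset($this->sessions[$sid]);
            return null;
        }
        return $entry['user'];
    }
}

function handleRequest(SessionStore $store, array $post): array
{
    $sid  = $post['sid'] ?? '';
    $user = is_string($sid) ? $store->verify($sid) : null;
    if ($user === null) return ['status' => 401, 'error' => 'invalid sid'];
    return ['status' => 200, 'user' => $user, 'action' => $post['action'] ?? null];
}

// Constructed sample requests: valid sid, missing sid, unknown sid, expired sid.
$store = new SessionStore();
$sid   = $store->issue('user-42');
var_dump(handleRequest($store, ['sid' => $sid, 'action' => '1', 'addlist' => 'adfs'])['status']);
var_dump(handleRequest($store, ['action' => '1', 'addlist' => 'adfs'])['status']);
var_dump(handleRequest($store, ['sid' => str_repeat('0', 64), 'action' => '1'])['status']);
var_dump($store->verify($sid, time() + 3600));
```

This ties each call to a logged-in account, which allows per-session revocation and rate limiting. It does not by itself prove that the request came from the app binary rather than another client holding a valid sid.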