Html interaction with PHP using ajax (RestfulAPI)

Because mobile and PC APIs are shared, I want to do this. Html interacts with PHP, using Ajax (RestfulAPI. 1. How to ensure security? 2. What should I pay attention? 3. How can we prevent other users from sending fake requests? Or, what are the advantages and disadvantages of MVC? Because mobile and PC APIs are shared, I want to do this.
Html interacts with PHP using Ajax (Restful API.
1. How to ensure security?
2. What should I pay attention?
3. How can we prevent other users from sending fake requests?

Or, what are the advantages and disadvantages of MVC?

Reply content:

Because mobile and PC APIs are shared, I want to do this.
Html interacts with PHP using Ajax (Restful API.
1. How to ensure security?
2. What should I pay attention?
3. How can we prevent other users from sending fake requests?

Or, what are the advantages and disadvantages of MVC?

1. Security
The security of web is universal and has nothing to do with your solution to the problem.
For example, for input verification, the normal verification is two steps (browser, server), so the API-style design is as a direct request, the server must strictly verify the incoming data.
For example, access permission. Although the API is directly exposed for access, it can provide additional required parameters as access control. The source and method of this parameter depend on you.

2. What should I pay attention?
This problem is really too wide.

3. Burst
In fact, this can be included in question 1.
If a key value is input as an additional parameter, you can limit the number of times the key is accessed within a certain period of time. This is just a simple processing method.
However, this method is not applicable in case of a suspected CSRF attack.

In fact, any web application can capture packets for analysis, interpret it as a "pseudo API" (non-dedicated words), and then request it for results. Basically, crawlers use this method.
The starting point of attention is (actually the answer to question 2)
1. Security
Security policies for system permissions and other issues
Security Defense from attacks
2. Crawler
Anti-crawler-related technologies.

Security Problem: If your data level is relatively high, Use https.
Anti-bot service: Multiple IP addresses on the server. The client can use js to encrypt strings. It can also be flushed (but it will be cracked, so does google's passport. But his js algorithm is hard ).