Method One, fixing a value, such as MD5 (' www.111cn.net '), and then validating the generated characters at the URL or post pass
Method Two, a slightly more complex point of the two sides agreed to generate a good format
The following example www.111cn.net simple explanation of PHP Interface Development encryption Technology:
If app wants to request a list of users, the API is "Index.php?module=user&action=list"
App generates token = md5sum (' user '. ') 2012-11-28′. ' Www.111cn.net '. List) = 880fed4ca2aabd20ae9a5dd774711de2;
The actual initiating request is "Index.php?module=user&action=list&token=880fed4ca2aabd20ae9a5dd774711de2"
The server receives the request to compute the token in the same way:
$module = $_get[' module '];
$action = $_get[' action '];
$token = Md5sum ($module. Date (' y-m-d ', Time ()). ' Www.111cn.net '. $action);
if ($token!= $_get[' token ']) {
alarm (' access deny ');
Exit ();
}
This determines that the request URL parameter is legitimate and allows access. The key is the construction of interface token parameters.
There is also a way to use cookies, which does not apply to reading interface data, and is suitable for accessing interfaces in browsers.
1. The request head with the user username and password, to the server side to do the verification, through to continue the bottom business logic.
Benefits: Prevents server-side APIs from being arbitrarily invoked.
Disadvantages: Each interaction username and password, the interaction is large, and the password plaintext transmission is not secure.
2. First request, request username and password, verify through, type cookies to the client, app save cookie value.
Bring a cookie on each request.
Comments: And the PC on the principle of the browser authentication.