问题描述
我很感兴趣在web.api创建API密钥,并允许客户使用API密钥,而不是授权web.api提供了API沟通。
I m interested in creating API keys for web.api and allowing clients to communicate with API using the API keys rather than authorization web.api provides.
欲多个客户端能够与web.api通信。而不是创建用户名和密码,我可以使用API密钥,并允许客户端与客户端通信。
I want multiple clients to be able to communicate with the web.api. instead of creating username and password, can i use an api key, and allow clients to communicate with client.
会出现这种内置的功能?
is there such built in functionality?
如果一个人想实现它,你将如何去解决它?
if one wants to implement it, how would you go around it?
推荐答案
您可以通过使用的。基本上,有可能被称为一个数据库表中的 ApiKey(apiKey,SecretKey的)。每个客户端都有每个Apikey和密钥:
You are able to achieve by using HMAC Authentication. Basically, there might be a database table called ApiKey (apiKey, secretKey). Each client has each Apikey and secret Key:
-
ApiKey就像是一个公共密钥,并通过HTTP(含用户名相同)进行发送。
ApiKey is like a public key and will be sent over HTTP (similar with username).
密钥是不通过HTTP发送,使用该密钥做HMAC一些信息和发送散列输出到服务器。从服务器端,基于公共密钥,就可以得到培训相关的密钥和哈希信息与哈希输出比较。
Secret Key is not sent over HTTP, use this secret key to do hmac some information and send hashed output to the server. From server side, based on the public key, you can get the relevent secret key and hash information to compare with hash output.
我已经张贴在详细的解答:How确保一个MVC ASPNET网络API
I have posted the detailed answer at: How to secure an ASPNET MVC Web API
您可以通过密钥对我的回答改变由ApiKey的用户名和哈希密码用你的想法映射。
You can change Username by ApiKey and Hashed Password by secret key on my answer to map with your idea.
这篇关于网页API创建API密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!