问题描述
可能重复:结果
我正在写在PHP的API,它选择使用敬/ REST。
I'm writing an API in PHP and it opted to use Respect/REST.
这是不是公共API,也就是说,只有授权的客户端应用程序可以使用那里。而这正是我想的如何保证信息的安全,该API处理的一些想法。
客户端应用程序可以用任何语言编写,但正如我所说,他们应该被允许使用API。
This is not a public API, ie, only authorized client applications can consume there. And this is where I would like some idea of how to guarantee the security of information that the API handles.The client applications can be written in any language, but as I said, they should be allowed to use the API.
目前,我正在写一个测试客户端使用jQuery.rest这个API。
At the moment I'm writing a test client for this API using jQuery.rest.
我的疑惑是:
1)如何确保只有授权用户才能访问API?
1) How to ensure that only authorized clients can access the API?
2)如何保证对API的每个请求已获授权的客户端?
2) How to ensure that every request made to the API has been authorized client?
推荐答案
最常用的方法之一,其使用,但它不是唯一的方法。
one of the most common approach its using oauth, but its not the only way.
尝试寻找资源,他们对API服务和验证有用的免费电子书和网络直播。
Try to look resources at apigee they have useful free ebooks and webcast about api servers and authentication.
- OAuth: The Big Picture
- Web api design
- Is your api naked?
- API Façade Pattern
第一,也许会掩盖你的疑惑,其他都只是为了学习更多一点关于服务器API的
The first maybe will cover your doubts, the other are just to learn a little more about server API's
另外看看他们的和的
这篇关于客户端应用程序PHP REST API授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!