javascript - How can I identify users of my API when they call it in JS? -
I have created an API that people get JavaScript (client-side, node. I should know that my API's If I have an API key in the API key, then in my API call, anyone can see their API key and can use it.
If I call my JS How do I identify the users of my APIs Rum? Private key is known only for APIs, and you can create a hash based on both public and private key, and they check the match on server-side Can do Next, it is a good idea to limit the key to the specific domain in PHP. You can easily use the As you will see, this is your It is worth adding the authentication table to the database and storing the domain, public key and private key inside it, so that you can authenticate the request. $. Ajax (function () {url: "http://usefulapi.com/get-things?api_key=123412341234134", // Anyone can view my API key Data: {some statistics}}) Generally, we use a combination of public and private key encryption for API access.
$ _ SERVER ['HTTP_ORIGIN'] super-global Where can the request come from? The following pseudo code should give you some pointers:
$ domain = basename ($ _ server ['HTTP_ORIGIN']); $ ApiKey = $ _REQUEST ['api_key']; // Now, get the private key for this domain // Check the private and public key check // // the request is either allowed or denied
Comments
Post a Comment