堆栈内存溢出
  简体   繁体   English

如何使用curl进行API身份验证

[英]How to do API authentication with curl

 原文  2013-06-25 07:30:59       php/ android/ json/ api/ restful-authentication

问题描述

I'm new to creating API's and I am making an API for my php site. 我是创建API的新手,并且正在为我的php网站制作API。 Now in any case what I am currently doing is having my script do a cURL call to some php file which does all the processing. 现在无论如何我现在正在做的就是让我的脚本对一些进行全部处理的php文件进行cURL调用。 Aka im doing a POST call for example to an api file which lets say creates a forum post for that user. aka im对api文件执行POST调用,例如说可以为该用户创建论坛帖子。 Now the important thing to me is how do I authenticate and retrieve which user is sending the data. 现在对我来说重要的是如何验证和检索发送数据的用户。 So how do I know the cURL call came from my server? 那么我怎么知道cURL调用来自我的服务器?

What I was going to do is have my server have a secret key that is passed in the api call and verified by the api file. 我要做的是让我的服务器具有一个秘密密钥,该密钥在api调用中传递并由api文件验证。 The api file would make sure the key is correct and then take whatever username was passed in for example to make a forum post. api文件将确保密钥正确,然后接受传入的任何用户名,例如发表论坛帖子。 My only concern is if this key is ever found out im screwed. 我唯一关心的是,是否曾经发现此密钥是固定的。 I also want to be able to have the site work lets say as an android app so I want to be able to make curl calls lets say (not sure if thats possible) and have some authentication key sent to my server but I never want the user to be able to packet inspect for the secret key. 我也希望能够让站点工作像一个Android应用程序那样说,所以我希望能够进行curl调用(说不知道是否可行)并将一些身份验证密钥发送到我的服务器,但我从不希望用户将能够对密钥进行分组检查。

So my question is how can I securely do curl calls, since when I do a curl call it doesn't read any of the $_SESSION values I have set (unless im missing something). 所以我的问题是如何安全地执行curl调用,因为当我进行curl调用时,它不会读取我设置的任何$ _SESSION值(除非我遗漏了任何内容)。 Any help is much appreciated. 任何帮助深表感谢。 I was also thinking of authenticating using the username and password each time the only problem is I kind of want to avoid having to verify that the username and password is correct every time an api call is done since thats going to be another query that has to be done. 我也在考虑每次使用用户名和密码进行身份验证时唯一的问题是我有点想避免每次执行api调用时都必须验证用户名和密码是否正确,因为那将是另一个必须查询的查询。完成。 But if that is the recommended way or the industry way then ill do it that way. 但是,如果这是推荐的方法或行业方法,那么就不适合这样做。 Just looking for how to handle everything the proper way. 只是寻找如何正确处理所有事情。

1 个解决方案

解决方案1
 0  2013-06-25 07:42:32

然后,您应该考虑实施OAuth

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用curl进行pivotaltracker oauth身份验证 - how to do pivotaltracker oauth authentication using curl 如何使用curl在Bug群中进行身份验证 - how to do Authentication in bug herd using curl 用于CURL的Laravel API身份验证 - Laravel API Authentication for CURL 如何在PHP中为新的Udemy 2 API身份验证添加curl HTTP Headers? - How to add curl HTTP Headers for new Udemy 2 API authentication in PHP? 具有CURL和身份验证的PHP API调用 - PHP api call with CURL and authentication 如何在 Firebase 上为 cURL 添加认证系统? - How do I add an authentication system for cURL on Firebase? API需要编码的API密钥,我该如何使用curl发送它? - API requires a encoded API key, how do i send this with curl? 如何在lumen API中进行身份验证? - how to do Auth Authentication in lumen api? PHP中的Sendgrid cURL身份验证GET API - Sendgrid cURL authentication GET API in php cURL API与动态数据和标头身份验证的集成 - cURL API integration with dynamic data and header authentication
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM