使用API Key + Secret On Express保护我的RESTful API
[英]Securing my RESTful API with API Key + Secret On Express
问题描述
I have built a REStful API on Express and I would like to secure it with an authentication which requires a Public key, Hashed Private Key, and a Nonce as Headers similar to the way Coinbase or Potcoin operate. 
我在Express上构建了一个REStful API,我希望通过身份验证来保护它,需要使用公钥,哈希私钥和Nonce作为Header,类似于Coinbase或Potcoin的运行方式。 Problem is I cannot find the right library with an example of how to implement it. 问题是我找不到合适的库以及如何实现它的示例。 The closest is probably HMMAC , however its example does't work and it is even started in the file. 最接近的可能是HMMAC ,但是它的例子不起作用,它甚至在文件中启动。 My question is, how should I implement such a security for the REST API. 我的问题是,我应该如何为REST API实现这样的安全性。 Note that it has sensitive information for every user such as balance etc and it is meant for developers to consume our service. 请注意,它具有针对每个用户的敏感信息,例如余额等,并且它适用于开发人员使用我们的服务。 I just want to secure every GET, POST, PATCH endpoint on the API. 我只想保护API上的每个GET,POST,PATCH端点。
1 个解决方案
解决方案1
0
按建议使用JWT,效果相当不错。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.