保护使用 Swagger 创建的 NodeJS API 的最佳实践
[英]Best practices for securing NodeJS API created with Swagger
问题描述
I have created an API with NodeJS and Swagger that works well, but anybody can call it and I want to restrict it to the users that have a valid API Key.
我已经使用 NodeJS 和 Swagger 创建了一个运行良好的 API,但任何人都可以调用它,我想将其限制为拥有有效 API 密钥的用户。 Are there any best practices that I need to use for securing the API?我是否需要使用任何最佳实践来保护 API? Just adding the api key in the request?只是在请求中添加 api 密钥? Generating a token and adding it to the request header?生成令牌并将其添加到请求标头中?
1 个解决方案
解决方案1
0 已采纳 2017-01-23 03:03:48
That makes oauth is born.这使得 oauth 诞生了。 Look at https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2看看https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.