
API Design; action endpoints

Let's say I have a device which will connect to a server and register/transfer data through an API.

I understand that you would have things like:

GET: api/devices
GET: api/devices/:id
POST: api/devices
DELETE: api/devices/:id

Those are examples of typical CRUD endpoints.

But where would I add endpoints for checking if this device is allowed to connect with its factory ID?

I was thinking of always passing a post field with an API key in the form of a device ID, but that would mess with the HTTP verbs.

So I think the best way is to add a parameter like this:

GET: api/devices/:id?id=something

But that would become redundant with this endpoint.

So the question is; how would I successfully identify my own devices?

It sounds like you're simply looking for a way to do authentication. Take a look at the Authorization header and the various authentication schemes for it. If existing authentication schemes don't fit your needs, you can also extend it with your own. Common ones are Basic, Digest and Bearer. An example of a vendor-extension is AWS.
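An added example, not part of the original answer: a server-side check that identifies a device from the Authorization header using the Bearer scheme, so the CRUD URLs and verbs stay as they are. The token table, realm name and function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: device id -> SHA-256 of its provisioned token.
# Storing only the hash means a leaked table does not reveal usable tokens.
DEVICE_TOKEN_HASHES = {
    "dev-001": hashlib.sha256(b"constructed-token-for-dev-001").hexdigest(),
    "dev-002": hashlib.sha256(b"constructed-token-for-dev-002").hexdigest(),
}

# Sent with every 401 so the client learns which scheme is expected.
CHALLENGE = {"WWW-Authenticate": 'Bearer realm="devices"'}


def parse_bearer(header_value):
    """Return the token from 'Bearer <token>', or None if malformed."""
    if not header_value:
        return None
    parts = header_value.split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def identify_device(headers):
    """Map the Authorization header to a device id, or None."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    headers = {k.lower(): v for k, v in headers.items()}
    token = parse_bearer(headers.get("authorization"))
    if token is None:
        return None
    presented = hashlib.sha256(token.encode()).hexdigest()
    found = None
    # Constant-time comparison against every entry, with no early exit.
    for device_id, stored in DEVICE_TOKEN_HASHES.items():
        if hmac.compare_digest(presented, stored):
            found = device_id
    return found


def authorize(path_device_id, headers):
    """Return (status, extra_headers) for a request to api/devices/:id."""
    caller = identify_device(headers)
    if caller is None:
        return 401, CHALLENGE  # missing, malformed or unknown credentials
    if caller != path_device_id:
        return 403, {}  # authenticated, but this is another device's resource
    return 200, {}
```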
