如何仅从我们的网站服务器而不是访问者的 IP 向 API 执行 AJAX 请求?
[英]How to perform AJAX Request to an API from our website server only, not from visitor's IP?
问题描述
On our website we're using an AJAX request via jQuery to ping an API and retrieve the data when someone submits a form.
在我们的网站上,我们通过 jQuery 使用 AJAX 请求来 ping API 并在有人提交表单时检索数据。
The API provider has told us that the AJAX request to their API must only come from one IP address, basically our webhost, and that currently anyone who visits the website to submit the form - that it's their IP making the ajax request, not our website. API 提供商告诉我们,对他们 API 的 AJAX 请求只能来自一个 IP 地址,基本上是我们的网络主机,并且目前任何访问该网站以提交表单的人 - 这是他们的 IP 发出 ajax 请求,而不是我们的网站.
Is there a way to make the AJAX call to the API directly from the website server itself, and not the visitor who submitted the form?有没有办法直接从网站服务器本身而不是提交表单的访问者对 API 进行 AJAX 调用?
Here's the basic code we're using to some degree, it's just a simple AJAX request and the basic code is as follows (website redacted):这是我们在某种程度上使用的基本代码,它只是一个简单的 AJAX 请求,基本代码如下(网站已编辑):
The API provider says this is making the call from the visitor's ip address, is there a way to do the same call but have it sent from our server ip? API 提供者说这是从访问者的 ip 地址进行调用,有没有办法做同样的调用,但它是从我们的服务器 ip 发送的?
$.ajax({
url: 'http://website.com',
dataType: 'json',
success: function( data ) {
// perform everything
},
error: function( data ) {
// error stuff
}
});
}
2 个解决方案
解决方案1
1 已采纳 2019-05-01 15:48:16
I don't know what framework or language you're using, so I'll try to be agnostic on that.我不知道你使用的是什么框架或语言,所以我会尽量不可知论。
Instead of making the AJAX request to the API provider's server, you could create a resource on your own server that accepts AJAX requests and makes the necessary calls to the API from the server.您可以在自己的服务器上创建一个资源来接受 AJAX 请求并从服务器对 API 进行必要的调用,而不是向 API 提供者的服务器发出 AJAX 请求。
解决方案2
-1 2019-05-01 16:26:25
JavaScript is always run on the client. JavaScript 始终在客户端上运行。 Any calls made through JS always originate from the client's machine.通过 JS 进行的任何调用始终来自客户端的机器。 You can make calls to your own server (localhost on the domain the client is visiting) or another server, but the call will still originate from the client.您可以调用自己的服务器(客户端正在访问的域上的本地主机)或其他服务器,但调用仍将来自客户端。
Let's try an example with 2 visitors to your site and a 3rd party site:让我们尝试一个示例,其中有 2 个访问者访问您的网站和一个第 3 方网站:
- Visitor 1 IP address = x访问者 1 IP 地址 = x
- Visitor 2 IP address = y访问者 2 IP 地址 = y
- Your website IP address = a您的网站 IP 地址 = a
- Third party website IP address = b第三方网站IP地址= b
Then you have the following connections:然后你有以下连接:
- When visitor 1 makes an AJAX call to your website, x connects to a当访问者1使得AJAX调用到您的网站,X连接到
- When visitor 2 makes an AJAX call to your website, y connects to a当访问者2使AJAX调用到您的网站,Y连接到
- When visitor 1 makes an AJAX call to the third party website, x connects to b当访问者 1 对第三方网站进行 AJAX 调用时, x连接到b
- When visitor 2 makes an AJAX call to the third party website, y connects to b当访问者 2 对第三方网站进行 AJAX 调用时, y连接到b
What the third party site is telling you is only a is authorized to connect to b .第三方站点告诉您的是,只有a被授权连接到b 。 x and y are not authorized to connect to b . x和y无权连接到b 。 Therefore you have to follow this sequence:因此,您必须遵循以下顺序:
- x or y connect to a X或Y连接到
- a connects to b (on behalf of x or y ) a连接到b (代表x或y )
- b responds to a b响应a
- a responds to x or y a响应x或y
The question doesn't specify what your server runs, but languages like PHP can make calls to other servers using cURL.这个问题没有指定你的服务器运行什么,但是像 PHP 这样的语言可以使用 cURL 调用其他服务器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.