如何在Javascript和PHP中设置带有URL身份验证的API Web密钥?
[英]How do I set up an API web key with URL authentication in Javascript and PHP?
问题描述
So I've read until my eyes are bleeding so here is my question... 
所以我一直读到眼睛流血,这是我的问题...
My backend is PHP 我的后端是PHP
I have a service that I want to put out online lets call it GREATSERVICE.com. 我有一项要在线发布的服务,可以称之为GREATSERVICE.com。 I want to have people sign up for an API key and restrict it by domain so that only http://www.????.com can use it. 我想让人们注册一个API密钥并按域对其进行限制,以便只有http://www.????.com可以使用它。 I know I can just store the API and domain that the person enters into the database. 我知道我可以只存储该人输入数据库的API和域。
I'm hung up on how to validate that the service is being accessed by the proper website. 我想知道如何验证适当的网站正在访问该服务。
I mean lets say I'm cruising the web with the domain address temp-13-43.xfinity.com and I go to website servicehost.com. 我的意思是说我要使用域名temp-13-43.xfinity.com来浏览网页,然后转到网站servicehost.com。 servicehost.com has an API key....as how do I recognize the service is being accessed from servicehost.com and not the clients temp-13-43.xfinity.com address... servicehost.com有一个API密钥....我如何识别该服务是从servicehost.com而不是客户端temp-13-43.xfinity.com地址访问的...
So what I'm trying to figure out is to this in javascript on the client side. 因此,我想弄清楚的是客户端上的javascript。 Kind of like Google Maps. 有点像Google Maps。 Maps just loads some javascript onto the page with an API key but the API key checks the URL of the WEBSITE and not the client visiting the website. Maps只是使用API密钥将一些JavaScript加载到页面上,但是API密钥会检查WEBSITE的URL,而不是访问网站的客户端。
That is where I'm lost. 那是我迷路的地方。 How can I check the DOMAIN of the site that the user went to and only if it is correct wiht the correct API then render the service out. 我该如何检查用户访问的站点的域,只有在使用正确的API正确的情况下,才可以提供服务。
So in the head section I have javascript 所以在头部我有javascript
So on the SERVICEHOST site I give them the code so that they can use the mygreatservice widget. Think along the lines of the twitter embeded viewer
<SCRIPT type="text/javascript" src="http://mygreatservice.com/service.php?api=asdfasdfasdfa></SCRIPT
tags which point to a PHP page to return the need javascript. 指向PHP页面以返回所需javascript的代码。 Again I just want to make sure that the widget I'm returning is used on the proper sites for light security/tracking purposes. 再次,我只想确保我返回的小部件在适当的站点上用于轻安全性/跟踪目的。
Thanks 谢谢
2 个解决方案
解决方案1
0 2012-03-07 19:04:28
That is where I'm lost.
This will give you lots of information about the host which initiates request: 这将为您提供有关发起请求的主机的大量信息:
echo $_SERVER
Specifically echo $_SERVER['HTTP_HOST'] 特别是echo $_SERVER['HTTP_HOST']
Now you need to check if this HTTP_HOST has a legitimate API key which your Web Service can validate. 现在,您需要检查此HTTP_HOST是否具有Web服务可以验证的合法API密钥。
解决方案2
0 已采纳 2012-03-07 19:12:54
Edit: 编辑:
Ask your members to put this line in their site: (for instance I put this code in my server http://www.otherserver.com ) 要求您的成员将此行放在他们的站点中:(例如,我将此代码放在服务器http://www.otherserver.com中 )
<script language="javascript" src="http://yourserver.com/service.php?token=342424adsasjdl34"></script>
In your service.php file (hosted on your server): 在您的service.php文件(位于服务器中)中:
$server = $_SERVER['SERVER_NAME']; // =www.otherserver.com
$apitoken = $_GET['token']; // the token 342424adsasjdl34 (don't forget to make it safe!)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.