Instagram如何锁定其照片上传专用API端点?
[英]How does Instagram lock down their photo upload private API endpoint?
问题描述
I'm in the process of building a REST API for a mobile application I'm working on. 
我正在为正在处理的移动应用程序构建REST API。 Like Instagram, I'm considering locking down some of the endpoints such that they would only be accessible from my mobile app (like their photo upload endpoints). 像Instagram一样,我正在考虑锁定某些端点,以便只能从我的移动应用程序(如其照片上传端点)访问它们。
Has anyone have any insight as to how they locked down certain endpoints to only their app? 是否有人对如何将某些端点锁定到仅其应用程序有任何见解? I imagine a possible solution was the use of a shared secret to sign these specific requests and have it verified server-side before processing the upload. 我想象一个可能的解决方案是使用共享密钥对这些特定请求进行签名,并在处理上载之前使其在服务器端经过验证。
1 个解决方案
解决方案1
2 2013-07-12 15:46:33
It looks like they 看起来像他们
- Check the request header for User-Agent == "Instagram" 检查User-Agent ==“ Instagram”的请求标头
- Check that there is a valid authentication cookie set 检查是否设置了有效的身份验证Cookie
- Sign the body of their requests with some sort of hash. 用某种哈希对请求的主体进行签名。
I'm not sure how the hash is created. 我不确定如何创建哈希。
Check this out for some of the documentation, but it looks like the authentication section has been blanked out. 请查阅此文档以获取一些文档,但似乎认证部分已被清空。
https://github.com/mislav/instagram/wiki https://github.com/mislav/instagram/wiki
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.