Is there any way to supply key/value parameters of my choice in the headers of a GET request?
Or should I use a POST request for that - even if my request is purely about retrieving information?
Background: I have a RESTful API that requires a key
parameter. I want to use this API as the back-end for a JavaScript application on the same domain. However, I don't want users of the web app to be able to see and steal the key
parameter, which they would if the key
parameter was supplied as a GET parameter.
I think since my site is served over HTTPS, if I put the key
parameter in the header, it will be invisible to the web app user, and that gets around my problem.
invisible is probably not possible..
you can do this in Three ways.
Either you use Salt and hash for generating random key using sha256/512 and some random secret key in your app and pass through GET request.
or can use POST request for same.(easiest method).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.