API Key implementation on a Django backend
Question
I'm implementing a simple API using a Django back-end and want to support access control using API keys.
As is the standard, the protocol will use a combination of a private key and a public identifier to authenticate the request. The public identifier, data and hash(data+private key) will be sent to the server. The server will then duplicate the hashing function using the private key stored in the database and if the hashes match then the request is authenticated.
My question is regarding the 'data' portion. Of course, the client and the server need to agree on what 'data' is, otherwise the hashes won't match. The protocol can simply dictate that the 'data' is the raw query string as sent by the browser. In that case, how do I retrieve the raw query-string from the Django view (it parses it in a QueryDict thus losing the sequence information)?
Or are there any other best practices that I am missing?
1 answers
solution1
0 2012-06-20 14:58:12
你总是可以得到通过原始查询数据request.body (或request.raw_post_data 1.4之前的版本)。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.