2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
This article explains how to solve the failure of PHP API security verification. Many people run into questions about this in day-to-day work, so the editor consulted various materials and put together a simple, easy-to-use method. Hopefully it helps answer those questions. Please follow along with the editor.
Solutions to the failure of PHP API security verification: 1. use a PHP file in place of the foreground; 2. simulate GET requests through cURL; 3. accept the foreground data and verify it.
The operating environment for this article: Windows 7, PHP 7.1, Dell G3.
What if PHP API security verification fails?
API interface of PHP
In practical work, PHP is often used to write API interfaces. Once the interface is written, the foreground can fetch the data it provides through a link, and the data is generally returned in one of two formats, XML or JSON. In this process the server does not know where a request comes from, so someone else could call our interface illegally to obtain data. That is why security verification is needed.
Schematic diagram of verification principle
Principle
As you can see from the figure, if the foreground wants to call the interface, it needs to use several parameters to generate a signature.
Timestamp: current time
Random number: a randomly generated number
Password: an identifier agreed on when the foreground and background are developed and known to both parties; it acts as a code word.
Algorithm rules: the agreed operation rules. The three parameters above are combined with these rules to generate a signature.
The foreground generates a signature, and when it needs to access the interface, it passes the timestamp, random number, and signature to the background through the URL. After the backend receives the timestamp and random number, it calculates the signature with the same algorithm rules and compares it with the signature that was passed. If they are the same, the data is returned.
Algorithm rule
In the interaction between foreground and background, the algorithm rules are very important. Both the foreground and the background have to calculate the signature through them. How the rules are made is up to you.
My algorithm rule is:
Sort the timestamp, random number, and password in uppercase and lowercase order.
Then splice them into a string.
Hash the string with sha1.
Then hash the result with MD5.
Convert to uppercase.
Foreground
I don't have an actual foreground here, so I use a PHP file in place of the foreground and simulate the GET request through cURL. I use the TP framework, and the URL is in pathinfo format.
source code
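The signing rule and the backend comparison described above, written out as an added example; it is not the article's own listing. The function names, the sample secret, the 300-second freshness window, the byte-order sort and the constant-time comparison are assumptions made for illustration.

```php
<?php
// Added example, not the article's code. Names and values are assumptions.
const API_SECRET = 'constructed-shared-secret'; // constructed sample value
const MAX_SKEW_SECONDS = 300;                   // assumed freshness window

/** Build the signature: sort, splice, sha1, md5, uppercase. */
function make_signature(string $timestamp, string $nonce, string $secret): string
{
    $parts = [$timestamp, $nonce, $secret];
    sort($parts, SORT_STRING);      // byte order: uppercase sorts before lowercase
    $joined = implode('', $parts);  // splice into one string
    return strtoupper(md5(sha1($joined)));
}

/** Foreground side: parameters to send in the GET request URL. */
function build_signed_query(string $secret, ?int $now = null): array
{
    $timestamp = (string) ($now ?? time());
    $nonce = bin2hex(random_bytes(8)); // CSPRNG rather than rand()/mt_rand()
    return [
        'timestamp' => $timestamp,
        'nonce'     => $nonce,
        'signature' => make_signature($timestamp, $nonce, $secret),
    ];
}

/** Background side: recompute the signature and compare it. */
function verify_request(array $query, string $secret, ?int $now = null): bool
{
    foreach (['timestamp', 'nonce', 'signature'] as $key) {
        if (!isset($query[$key]) || !is_string($query[$key])) {
            return false; // missing or array-valued parameter
        }
    }
    if (!ctype_digit($query['timestamp'])) {
        return false;
    }
    // Reject stale requests so a captured URL cannot be reused indefinitely.
    if (abs(($now ?? time()) - (int) $query['timestamp']) > MAX_SKEW_SECONDS) {
        return false;
    }
    $expected = make_signature($query['timestamp'], $query['nonce'], $secret);
    return hash_equals($expected, $query['signature']); // constant-time compare
}

$query = build_signed_query(API_SECRET);
var_dump(verify_request($query, API_SECRET)); // untouched request
$query['nonce'] = 'tampered';
var_dump(verify_request($query, API_SECRET)); // nonce changed after signing
```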