How does the PHP interface control access?

I was reading a novel in Chuangshi yesterday and I suddenly wanted to take a look at their interfaces
Press F12 to call the web page interface. Can’t the console display which interfaces are called? Then click on it to see the parameters and return values
But the interface of the GET method? Direct access is returned as illegal access
How to implement this kind of control?
(I don’t know what language their backend is, I’m learning PHP)

Reply content:

I was reading a novel in Chuangshi yesterday and I suddenly wanted to take a look at their interfaces

Press F12 to call the web page interface. Can’t the console display which interfaces are called? Then click on it to see the parameters and return values
But the interface of the GET method? Direct access is returned as illegal access
How to implement this kind of control?
(I don’t know what language their backend is, I’m learning PHP)

I guess that request may have verified the HTTP referer. If you access it directly, this HTTP header has no value.

Another way is to do some kind of verification in the GET, which only allows access once. If you access it again, you will be prompted for illegal access.

It is recommended that the subject post the interface URL so that I can further help you.

Permissions have been added to the interface. We now have permissions added to the key interfaces of the webserver’s API, otherwise it would be unsafe

@ The little snail that flies the plane is right, it just verified the referer. Another point is that it must be accessed in ajax mode. When requesting, add the following header

<code>Accept: application/json, text/javascript, */*; q=0.01
Referer: 域名
X-Requested-With: XMLHttpRequest</code>

You can access

php smoothly. Use get_headers() to get the header information, and then verify it

Of course, you must have permission to access, or add a token. Anyone can access it. It is not safe. The page wastes server resources and increases the burden on the server