I want to make an API interface
It’s very simple: just write a class or method that can be accessed through the browser, and then output and return the corresponding data, usually in JSON format.
API verification needs to consider two situations: one is the request from the client, and the other is the request from other services.
The simplest thing for client requests is to control cross-domain access, mainly by setting Access-Control-Allow-Origin.
The current mainstream idea of server-side verification is to give the service that is allowed access a secret, require the other party to generate a token according to certain rules, bring the token when accessing, and verify it locally.
The specific rules for generating tokens are designed based on the actual situation, generally including various encryption and encoding.
Just use a token to verify. The process is as follows:
1. The client first requests login with the account and password. A random string is generated after successful login, written into the database, and returned to the client.
2. The client uses the token to request protected resources.
3. The server uses the token to search the database. If it is valid, continue the request; otherwise, return 401.
The client and the server respectively hold the same public key and the same set of algorithms to calculate the sign signature. This signature is dynamically calculated and carried every time the API is called. The server obtains the signature from the client before executing the interface. The public key is also used to calculate the signature for the terminal parameters, and the signatures are compared each time.
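The per-request signature described in the last answer, and the secret-derived token of the earlier one, as an added example that is not part of the original thread. It assumes HMAC-SHA256 over sorted parameters as the shared algorithm, treats the key both sides hold as a shared secret, and adds a timestamp check that the answers do not mention; all names and the key value are constructed.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import urlencode

# Constructed sample value for the key both sides hold (assumption: a shared secret).
SHARED_KEY = b"constructed-demo-key"
MAX_SKEW_SECONDS = 300  # assumption: requests older than 5 minutes are rejected


def canonical_string(params: dict) -> bytes:
    """Serialize parameters in sorted order so both sides sign identical bytes."""
    items = sorted((k, str(v)) for k, v in params.items() if k != "sign")
    return urlencode(items).encode("utf-8")


def compute_sign(params: dict, key: bytes = SHARED_KEY) -> str:
    """HMAC-SHA256 over the canonical parameter string, hex encoded."""
    return hmac.new(key, canonical_string(params), hashlib.sha256).hexdigest()


def sign_request(params: dict, now: Optional[int] = None) -> dict:
    """Client side: add a timestamp, then attach the signature."""
    signed = dict(params)
    signed["ts"] = int(time.time()) if now is None else now
    signed["sign"] = compute_sign(signed)
    return signed


def verify_request(params: dict, now: Optional[int] = None) -> bool:
    """Server side: recompute the signature and compare before running the API."""
    now = int(time.time()) if now is None else now
    received = params.get("sign")
    if not isinstance(received, str):
        return False
    try:
        ts = int(params.get("ts", ""))
    except (TypeError, ValueError):
        return False
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False  # stale or replayed request
    expected = compute_sign(params)
    # compare_digest avoids leaking how many characters matched through timing
    return hmac.compare_digest(expected.encode(), received.encode())
```

A server handler would return 401 whenever `verify_request` is false, the same response the token flow above uses for an invalid token.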