当它是请求标头[javascript nodeJS]的一部分时，如何获取api键? [英] How to fetch api key when it is a part of the request headers [javascript nodeJS]?

问题描述

我有站点的端点，例如'单击此处'，我还嗅探了所需的api令牌和用于查看它的auth值.

I have endpoints to a site, e.g 'click here', I have also sniffed the api token needed and the auth value to view it.

如图所示，我想找出api令牌，而不必使用请求手动输入它.我该怎么做呢? P.S实际上没有其他响应标头提供此API，但是所有请求都需要成功执行它.

As shown, I want to find out the api token without having to manually enter it in using a request. How would I got about doing this? P.S There is literally no other response headers that give this API, yet all requests need it to be successfully executed.

推荐答案

API令牌是站点安全机制的一部分.根据服务器端所使用的技术，使用这些方法的方式会有所不同.一些希望其他人使用其API的网站公开了该文档.

The API tokens are part of the site's security mechanism. How to use those vary based on what kind of technique is being used on the server side. Some sites that want others to use their APIs disclose the documentation.

那是找到这些的唯一法律/道德方式.对于facebook之类的网站，您只需向其注册您的应用程序，它们就会为您提供API密钥.有些网站要求OAuth，有些只是要求您将密钥作为URL参数.

Thats the only legal/moral way to find those. For sites like facebook, you just have to register your app with them and they give you API key. Some sites ask for OAuth, some just ask for you to include the key as URL parameter.

所以合法/道德的方式是问他们如何访问他们的API.

So the legal/moral way would be to ask them how you can access their APIs.

这篇关于当它是请求标头[javascript nodeJS]的一部分时，如何获取api键?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！