检测从 Postman 发送的请求 [英] Detect Request sent from Postman

问题描述

我想请求使用 laravel 验证人们的 ID.由于它非常具有凭据，因此我只想在他们通过手机验证时才可使用它.
因此，必须防止从邮递员请求中验证 ID.
有没有办法检测到邮递员是否发送了请求?

I want to make a request to verify people's ID using laravel. Since it's very credential, I want to make it available only if they verify it from their mobiles.
So it must be prevented that the IDs are verified from postman request.
Is there a way to detect that a request is sent from postman or not?

任何想法都会非常感激:).
之前谢谢你

Any idea would be very appreaciated :).
Thank you before

推荐答案

Postman 倾向于发送名为 postman-token 之类的标头，因此如果存在这样的标头，您可以阻止请求.

Postman has a tendency to send a header called something like postman-token so you could block the request if such a header exists.

编辑注意这个header可以在postman设置中关闭

Edit Note that this header can be turned off in postman settingss

正如@EdwardChew 所写，这并不妨碍人们使用 postman/curl/python/其他任何东西.向端点添加身份验证是最好的方法.

As @EdwardChew wrote, this does NOT prevent people from using postman/curl/python/anything else. adding authentication to the endpoint is the best approach.

邮递员请求示例:

GET /api/car HTTP/1.1
Host: localhost:8080
Content-Type: application/json
cache-control: no-cache
Postman-Token: 05f5c492-3697-41b1-be0f-fb9bc4499b96

由于邮递员具有代码"功能，如果请求被阻止，很容易将其复制为 curl 命令:

Since postman has the "code" feature, if the request is blocked it is simple to copy it as a curl command:

curl -X GET 
  http://localhost:8080/api/car 
  -H 'Content-Type: application/json' 
  -H 'Postman-Token: e37790ea-a3a5-40cf-ac4c-b80184801f94' 
  -H 'cache-control: no-cache'

并删除带有 Postman-Token 标头的行.我通常在试验 API 时这样做.

and just deleting the line with the Postman-Token header. I normally do so when experimenting with APIs.

如果你查看 Laravel 文档，有一节关于授权:https://laravel.com/docs/5.8/api-authentication这将强制用户添加类似这样的标头令牌:Authorization: Bearer 8fyew8f9yefo7o9yg98gyr 然后您就可以验证调用者

If you look at the Laravel doucmentation, there is a section on authorization: https://laravel.com/docs/5.8/api-authentication which would force users to add a header token something like this: Authorization: Bearer 8fyew8f9yefo7o9yg98gyr and you would then be able to verify the caller

这篇关于检测从 Postman 发送的请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！