有没有一种方法来检测从源的API被调用？ [英] Is there a way to detect from which source an API is being called?

问题描述

有没有以确定从哪个源的API调用的方法？源是指iPhone应用程序，Web应用程序就像一个网页或单击按钮（Ajax调用等）。

Is there any method to identify from which source an API is called? source refer to IOS application, web application like a page or button click( Ajax calls etc).

虽然，节能标志，如（？=来源iOS或？源= Web应用程序），同时呼吁API可以做到的，但我只是想知道有没有其他更好的选择，做到这一点？

Although, saving a flag like (?source=ios or ?source=webapp) while calling api can be done but i just wanted to know is there any other better option to accomplish this?

我也觉得这个要求很奇怪，因为一般一个应用程序或Web应用程序所使用的用户数为n所以很难监测这些众多的API调用。

I also feel this requirement is weird, because in general an App or a web application is used by n number of users so it is difficult to monitor those many API calls.

请给您的宝贵建议。

推荐答案

有就是解决这个不完美的方式。指定一个特殊的标志也不会解决你的问题，因为消费者可以把任何她想做，如果它是合法与否，你不能确定。如果你发出不同消费者不同的API密钥，同样如此 - 你永远不知道，如果他们决定改用起来

There is no perfect way to solve this. Designating a special flag won't solve your problem, because the consumer can put in whatever she wants and you cannot be sure if it is legit or not. The same holds true if you issue different API keys for different consumers - you never know if they decide to switch them up.

这是我想到的唯一的选择是分析HTTP头，看看你可以从中推导出什么。正如你可能知道一个典型的HTTP标头看起来是这样的：

The only option that comes to my mind is to analyze the HTTP header and see what you can deduce from it. As you probably know a typical HTTP header looks something like this:

您可以试试，看看来自所有来源的要求如何在不同的情况下，决定你是否能可靠地区分它们。如果你有开发客户端的奢侈品（即这不是一个公共API），可以为不同的来源设置自定义用户代理字符串。

You can try and see how the requests from all sources differ in your case and decide if you can reliably differentiate between them. If you have the luxury of developing the client (i.e. this is not a public API), you can set your custom User-Agent strings for different sources.

但请记住，介绍人不是强制性的，因此它是不是很可靠，用户代理也可以欺骗。所以这是一个解决方案，有总比没有好，但它不是100％可靠的。

But keep in mind that Referrer is not mandatory and thus it is not very reliable, and the user agent can also be spoofed. So it is a solution that is better than nothing, but it's not 100% reliable.

希望这有助于，也在这里是类似的问题。祝你好运！

Hope this helps, also here is a similar question. Good luck!

这篇关于有没有一种方法来检测从源的API被调用？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！