PHP API密钥生成器 [英] PHP API Key Generator

问题描述

有人知道PHP的任何API密钥生成器脚本/类吗?该类应该具有generate方法(该方法将生成一个密钥)和isValid()方法，以检查该密钥是否有效.

Does anyone know of any API key generator script/class for PHP? The class should have method generate, that would generate a key and isValid() method, to check if the key is valid.

推荐答案

有多种生成API密钥的方法.我根据应用程序使用了以下3种方法，

There are multiple ways to generate API keys. I've used following 3 methods depending on the applications,

1. Base62(随机).生成一个较大的安全随机数，并使用Base-62对其进行编码.密钥看起来像"w5vt2bjzf8ryp63t".这对于自配置系统很有用.您不必担心碰撞和不适当的按键.您必须检查数据库以了解密钥是否有效.

1. Base62(random). Generate a large secure random number and Base-62 encode it. The key looks like "w5vt2bjzf8ryp63t". This is good for self-provisioned system. You don't have to worry about collision and inappropriate keys. You have to check database to know if the key is valid.

Base62(MD5-HMAC(key，Normalize(referer))).如果仅允许来自一个站点的API，则此方法非常有用.只需检查规范化引用者的HMAC，您就会知道该密钥是否有效，没有数据库访问权限.您需要将HMAC密钥保密.

Base62(MD5-HMAC(key, Normalize(referer))). This works great if the API is only allowed from one site. Just check the HMAC of the normalized referer and you know if the key is valid, no database access. You need to keep the HMAC key secret to do this.

人类分配了友好名称，例如"example.com".如果要求API用户拥有一个域或他们是您的公司合作伙伴，那么这非常有用.

Human assigned friendly names like "example.com". This works great if API users are required to own a domain or they are your corporate partners.

请记住，API密钥没有安全性.这只是分配给您的API应用程序的名称.越来越多的人使用诸如"App ID"或"Dev ID"之类的术语来反映其真实含义.如果要保护协议安全，则必须分配另一个密钥，例如OAuth中的consumer_key/consumer_secret.

Please keep in mind that there is no security in API keys. It's just a name assigned to your API application. More and more people are using terms like "App ID" or "Dev ID" to reflect what it really is. You have to assign another secret key if you want secure your protocol, like consumer_key/consumer_secret in OAuth.

这篇关于PHP API密钥生成器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！