Prismic-如何在不暴露访问令牌的情况下进行API调用 [英] Prismic - How to make API calls without exposing Access Token
问题描述
我正在构建一个Vue js Web应用程序,我想分别调用我的棱形存储库,但是我不知道如何在不暴露访问令牌的情况下进行操作.我正在此处. 有任何想法吗?
I'm building a vue js web app and I would like to make respective calls to the to my prismic repo, but I don't know how to do it without exposing my access token. I am using the rest api approach shown here. Any ideas?
http请求的语法如下.我想在我的Vue组件中执行此操作,而又不暴露access_token.
The http request syntax is as follows. I want to do this inside my vue components while not exposing the access_token.
在我的API/安全性设置中,我还获得了一个客户端ID和客户端密钥.我也不知道如何使用它们.
In my API/Security settings I'm also given a Client ID and Client Secret. I can't figure out how I can use these either.
谢谢
推荐答案
您必须将访问令牌存储在服务器上,并使其代表客户端处理请求.
You'd have to store your access token on your server and make it process the requests on behalf of the client.
最后,您将请求发送到服务器,而不是直接发送到prismic.io,然后服务器将发送访问令牌授权请求,获取所需内容,然后将其返回以响应客户端.
In the end, you'd send requests to your server instead of directly to prismic.io, your server will then send the access token authorized request, fetch whatever you need and return it back in response to the client.
工作流程如下:
- 客户端将请求发送到
http://localhost:8000/api/endpoint - 服务器将请求发送到与上述端点关联的
prismic.io端点. - 服务器获取
prismic.io响应并将其发送回客户端. - 客户端得到响应.
- Client sends request to i.e.
http://localhost:8000/api/endpoint - Server sends request to
prismic.ioendpoint associated with the above endpoint. - Server gets
prismic.ioresponse and sends it back to the client. - Client gets the response.
如果要在客户端隐藏访问令牌,则不可能.为了保护您的访问令牌,其他两个选项是:
If you want to hide your access token client-side, then it's impossible. To protect your access token the other two options are:
- 让用户使用自己的
prismic.io访问令牌. - 仅允许授权用户访问.
- Make users use their own
prismic.ioaccess tokens. - Allow access only to authorized users.
上面的两个选项可能不是您想要的,因此只剩下设置代理服务器了.
The two options above are probably not what you want, so setting up a proxy server is what's left.
这篇关于Prismic-如何在不暴露访问令牌的情况下进行API调用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
