如何防止网站外的API调用 [英] How to prevent API calls outside a web site

问题描述

我有一个具有以下功能的网站:一个用户访问www.mysite.com/page.php.该页面上的Javascript对www.mysite.com/api.php进行ajax API调用，并在同一页面www.mysite.com/page.php

I have a web site with following functionality: An user comes to www.mysite.com/page.php. Javascript on that page makes ajax API call to www.mysite.com/api.php and shows results on the same page www.mysite.com/page.php

我担心有人开始在自己的软件上使用api.php的情况，因为使用www.mysite.com/api.php会花我一些钱.因此，我希望只有访问过页面www.mysite.com/page.php的用户才能从www.mysite.com/api.php获得有效结果.用户将无法以任何方式登录到我的网站.

I'm afraid of situation where somebody starts to use my api.php on own software, because using www.mysite.com/api.php costs me a bit money. Therefore I want that only users that have visited the page www.mysite.com/page.php can get valid results from www.mysite.com/api.php . There won't be any way for users to log in to my web site.

什么是正确的方法?我想我可以在用户访问 page.php 时启动会话，然后以某种方式首先检查 api.php 是否存在具有有效会话ID的会话? >

What would be the right way to do this? I guess I could start a session when an user comes to page.php and then somehow maybe first check on api.php that a session with valid session id exists?

推荐答案

如果只希望用户在使用api.php之前先访问page.php，那么会话就是解决之道.

If you just want the user to visit page.php before using api.php, the session is the way to go.

这篇关于如何防止网站外的API调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！