如何防止here.com api ID劫持? [英] How to prevent here.com api id hijacking?

查看:98
本文介绍了如何防止here.com api ID劫持?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我将使用here.com API.我为新的应用程序生成了api_id/api_code.这两个值必须附加到对API的每个请求中,并且如果在Web App中使用,则每个人都可以看到.

I'm about to use the here.com API. I generated a api_id/api_code for a new App. These two values must be appended to each request to the API and are, if used in a Web App, visible to everyone.

ID +代码未绑定到Google API密钥之类的URL,因此我看不到任何方法来防止任何人拿走我的ID +代码并将其用于刮板.由于API需要花钱,所以我想知道如何才能避免这种情况?

id+code are not bound to an URL like Google API keys, so I don't see any method to prevent anybody to take my id+code and using it for, lets say, scraping tiles. As the API costs money I wonder how I can prevent that?

http://developer.here.com/faqs 此处未提及任何有关密钥保护的内容. com似乎并不是真的想与开发人员交谈,所以我希望这个偏僻的问题不会被人们误以为是……

http://developer.here.com/faqs says nothing about protection of keys and here.com doesn't really seem to want to talk to developers, so I hope this metaish question dosn't get downvoted...

推荐答案

在您的HERE开发人员信息中心内,当您导航至项目并查看JavaScript/REST令牌时,会有一个复选框,其中显示针对特定的应用保护应用凭据域".

Within your HERE Developer Dashboard, when you navigate to a project and view your JavaScript / REST tokens, there is a checkbox that says "Secure app credentials against a specific domain".

https://developer.here.com/projects

通过将令牌锁定到特定域或一组域,可以保护它们免受恶意用户的侵害.如果有人窃取了您的令牌,则他们将无法使用令牌,因为请求需要来自您的域.

By locking the tokens to a particular domain or set of domains, they will be protected from malicious users. If someone steals your tokens, they won't be able to use them because the requests need to come from your domain.

希望这会有所帮助.

最好

这篇关于如何防止here.com api ID劫持?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆