REST GET请求，动词和apikey [英] REST GET requests, verbs and apikey

问题描述

我想创建一个灵活的API REST服务器。我将允许客户通过使用HTTP或APIKEY进行身份验证。

I want to create a flexible API Rest server. I will allow the clients to authenticate using HTTP or an APIKEY.

我的问题是：什么是对apikey添加到一个GET请求的正确方法？我的问题是apikey污染的URL。

My question is: what is the correct way to add the apikey to a GET request? My problem is the apikey pollutes the url.

我想是这样的：/电子书/ 1 / apikey / s4cr4t！

I imagine something like this : /book/1/apikey/s4cr4t !

推荐答案

在我看来，你应该只使用Authorization头。这就是它是有什么。

In my opinion you should only use the Authorization header. That's what it is there for.

把它的URL是一个糟糕的主意，因为：

Putting it in the URL is a bad idea because:

A）如你所说它污染了URL结果
 b）如果您决定去SSL安全则API仍将出现在日志文件中搜索
 C）高速缓存最终将建立同样的再presentation，每个API密钥的多个副本。

a) as you said it pollutes the URL
b) if you decide to go SSL for security then the API will still appear in log files
c) caches will end up creating multiple copies of the same representation, one for each api key.

有关创建您自己的授权方案去了解更多信息这里。

For more information on creating your own Authorization scheme go here.

这篇关于REST GET请求，动词和apikey的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！