如何安全地使用API​​密钥 [英] How to securely use api key

问题描述

我将做一个简单的Web应用程序。它只会最多有几页，以及应用程序的主要焦点正在调用的API，并用这些信息做的东西。

I am going to make a simple web app. It will only have a few pages at most, and the main focus of the app is making calls to an api and doing stuff with that info.

我想知道最好的办法就是保持我的API密钥安全的。是否有我可以使用这种极其轻量级的框架？如果我只是在创建根一个PHP页面？我可以建立与codeigniter的东西，但是，似乎是实在是太多了我需要的东西。

I want to know what the best way is to keep my api key secure. Are there extremely lightweight frameworks that I can use for this? Should I just create a php page at the root? I could build something with codeigniter, but that seems like it is too much for what I need.

推荐答案

请在文件中的API密钥您的Web根目录之外。然后包括在将要求其使用的任何文件，该文件。通过将其Web根以外它不能直接通过网络浏览器或其它类似的手段获得。

Keep the API key in a file outside of your web root. Then include that file in any file that will require its use. By placing it outside of the web root it cannot be accessed directly through a web browser or other similar means.

<?php
    // Assuming this file is in the web root
    require('../api_keys.php');

这篇关于如何安全地使用API​​密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！