如何使用验证密钥和秘密？ [英] How to use a key and secret for verification?

问题描述

在大多数的API，如Facebook和Bebo的使用有API，您必须获取密钥和密码，我只是想知道什么是做一个系统像这样的一些好的方法。我将使用PHP / MySQL的。

On most API's such as facebook and bebo to use there API you must get a Key and secret, I am just wondering what is some good methods of doing a system like this. I will be using PHP/MysQL.

我如何basicly验证用户密钥和密码都ok当应用程序发送有API请求？我想将它们存储在MySQL中，我将让他们存储在那里不管是什么，但我想知道如果有是不是打在每一个API命中DB验证过程比较好，其他方法吗？

How can I basicly verify a user key and secret are ok when there app sends there API request? I was thinking of storing them in mysql, which I will have them stored there no matter what but I was wondering if there is some other method that is better for the verification process, instead of hitting the DB on every single API hit?

推荐答案

如果关键是域和秘密，他们正在使用，你就不需要打分贝，以验证他们的加密方式。

If the key is an encrypted form of the domain and secret they're using, you wouldn't need to hit the db to verify them.

if ($key != encrypt($domain . $secret))
    // die

这篇关于如何使用验证密钥和秘密？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！