当它是请求头 [javascript nodeJS] 的一部分时如何获取 api 密钥? [英] How to fetch api key when it is a part of the request headers [javascript nodeJS]?

问题描述

我有一个站点的端点，例如单击此处'，我还嗅探了所需的 api 令牌和查看它的 auth 值.

I have endpoints to a site, e.g 'click here', I have also sniffed the api token needed and the auth value to view it.

如图所示，我想找出 api 令牌，而不必使用请求手动输入它.我怎么会做这个?P.S 实际上没有其他响应头提供此 API，但所有请求都需要成功执行.

As shown, I want to find out the api token without having to manually enter it in using a request. How would I got about doing this? P.S There is literally no other response headers that give this API, yet all requests need it to be successfully executed.

推荐答案

API 令牌是站点安全机制的一部分.如何使用它们取决于服务器端使用的技术类型.一些希望其他人使用其 API 的网站会披露相关文档.

The API tokens are part of the site's security mechanism. How to use those vary based on what kind of technique is being used on the server side. Some sites that want others to use their APIs disclose the documentation.

这是找到那些的唯一合法/道德方式.对于像 facebook 这样的网站，你只需要向他们注册你的应用程序，他们就会给你 API 密钥.有些网站要求 OAuth，有些网站只要求您将密钥作为 URL 参数包含在内.

Thats the only legal/moral way to find those. For sites like facebook, you just have to register your app with them and they give you API key. Some sites ask for OAuth, some just ask for you to include the key as URL parameter.

因此，合法/道德的方式是询问他们您如何访问他们的 API.

So the legal/moral way would be to ask them how you can access their APIs.

这篇关于当它是请求头 [javascript nodeJS] 的一部分时如何获取 api 密钥?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！