REST GET 请求、动词和 apikey [英] REST GET requests, verbs and apikey

问题描述

我想创建一个灵活的 API Rest 服务器.我将允许客户端使用 HTTP 或 APIKEY 进行身份验证.

I want to create a flexible API Rest server. I will allow the clients to authenticate using HTTP or an APIKEY.

我的问题是:将 apikey 添加到 GET 请求的正确方法是什么?我的问题是 apikey 污染了 url.

My question is: what is the correct way to add the apikey to a GET request? My problem is the apikey pollutes the url.

我想像这样:/book/1/apikey/s4cr4t ！

I imagine something like this : /book/1/apikey/s4cr4t !

推荐答案

在我看来，您应该只使用 Authorization 标头.这就是它的用途.

In my opinion you should only use the Authorization header. That's what it is there for.

把它放在 URL 中是个坏主意，因为:

Putting it in the URL is a bad idea because:

a) 正如你所说，它会污染 URL
b) 如果您决定使用 SSL 以确保安全，那么 API 仍将出现在日志文件中
c) 缓存最终会创建相同表示的多个副本，每个 api 键一个.

a) as you said it pollutes the URL
b) if you decide to go SSL for security then the API will still appear in log files
c) caches will end up creating multiple copies of the same representation, one for each api key.

有关创建自己的授权方案的更多信息，请访问 这里.

For more information on creating your own Authorization scheme go here.

这篇关于REST GET 请求、动词和 apikey的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！