如何安全地使用api密钥 [英] How to securely use api key

问题描述

我将制作一个简单的网络应用程序.它最多只有几页，应用的主要重点是调用 api 并使用该信息执行操作.

I am going to make a simple web app. It will only have a few pages at most, and the main focus of the app is making calls to an api and doing stuff with that info.

我想知道保持我的 api 密钥安全的最佳方法是什么.是否有我可以使用的极其轻量级的框架?我应该在根目录创建一个 php 页面吗?我可以使用 codeigniter 构建一些东西，但这对于我需要的东西来说似乎太多了.

I want to know what the best way is to keep my api key secure. Are there extremely lightweight frameworks that I can use for this? Should I just create a php page at the root? I could build something with codeigniter, but that seems like it is too much for what I need.

推荐答案

将 API 密钥保存在 Web 根目录之外的文件中.然后将该文件包含在需要使用它的任何文件中.将其置于 Web 根目录之外，就无法通过 Web 浏览器或其他类似方式直接访问它.

Keep the API key in a file outside of your web root. Then include that file in any file that will require its use. By placing it outside of the web root it cannot be accessed directly through a web browser or other similar means.

<?php
    // Assuming this file is in the web root
    require('../api_keys.php');

这篇关于如何安全地使用api密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！