API重点实施建筑 [英] Architecture of API Key Implementation

问题描述

我也许我错了，因为我很新的API密钥的基本面。请纠正我，如果我错了。

I might me wrong, as I am very new to API Key fundamentals. Please correct me if I am wrong.

我有一个的JavaScript 的前端，并在 PHP 后端应用程序（可以是任何技术）。我要揭露​​，从对AJAX后端应用程序的一些API。使第三方开发人员可以使用我的API，从他们的应用程序，而不必担心对后端的实际执行情况。

I have a JavaScript front-end, and a backend application in PHP(can be any technology). I want to expose some API from the backend application for AJAX. So that a third party developer could use my API from their application without worrying about the actual implementation on backend.

我会公开一个API密钥给开发者，所以，无论请求他让他的应用程序，使用API​​密钥，我可以保持一个记录它的API密钥访问该应用程序。

I will expose an API Key to the developer, so that whatever request he makes from his application, uses the API key and I can keep a record of which API key is accessing the application.

由于这是一个AJAX调用服务器，他存放在JS文件，我就给API密钥。

As it is an AJAX call to the server, he has the API key stored in the JS file that I'll give.

现在的问题是： 如果有人会用寻求到他有JS文件，人们可以很容易地得到它被设计用于其他应用程序的API密钥。我应该如何以安全的方式实现这一点。

The Question is: If someone would use seek into the JS file he has, one could easily get the API key which was designed for some other application. How should I implement this in a secured manner.

谁能帮助？

推荐答案

普通的JavaScript无法从最终用户隐藏，因为最终用户是一个执行code。

Plain javascript is not possible to hide from the end-user since the end-user is the one executing the code.

您可以使用模糊JavaScript但话又说回来总是有逆向工程的可能性。

You can use obfuscated javascript but then again there is always the possibility of reverse-engineering.

这篇关于API重点实施建筑的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！