If a website has a public facing front that consumes an API, and there's also a backend for users with more powerful roles that also consumes an API, should both parts of the site use the same API or different APIs (eg: /api/v1/resourceName vs /api/admin/resourceName)?
1条回答 默认 最新
dtvnbe1428 2013-07-27 01:53关注This really depends on your situation. If your private endpoints absolutely must remain private, then separate APIs is the only absolute solution. In general, that seems like overkill. For most situations, I would suggest maintaining a single API and designing your private endpoints with security in mind from the beginning.
Separate API's
- You have to maintain two code bases, or at least port parts of your private API to a public system.
- You have to maintain two production API systems.
- Better Security: public clients will not be able to access private internal resources on your API, even if user keys / passwords / etc. are breached, or there is an error in the way your public facing API handles security.
The Same API
- One codebase and one server.
- Security will be more important. You must make sure public clients can't access internal resources. Security breaches, or oversights on security on your private endpoints could cause serious problems.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报
分享
- 2013-07-27 00:48回答 1 已采纳 This really depends on your situation. If your private endpoints absolutely must remain private,
- 2018-06-12 09:34回答 2 已采纳 This way works: func main() { // ... r := gin.Default() r.Use(cors.New(co
- 2015-10-02 23:45回答 1 已采纳 If you need the documentation to be unique just override the methods and call parent::{methodName}
- 2020-12-22 12:35独立开发者张张的博客 我们知道,两个单独的应用程序需要中介程序才能相互通信。因此,开发人员通常会搭建桥梁(应用程序编程接口),以允许一个系统访问另一个系统的信息或功能。 为了快速、大规模地集成应用程序,API是使用协议或规范...
- 2019-02-01 13:07回答 1 已采纳 If you have a single endpoint/rpc that has to accept different JSON types, you'll need to tell it
- 2019-02-21 09:41回答 1 已采纳 Golang has the abstraction of io.Reader which encapsulates almost anything that can be read in bin
- 2019-06-25 16:51回答 1 已采纳 All of the 3 following options are supported in the following precedence order: Command line arg
- 2019-01-28 13:25hellozhxy的博客 当时还没有可以支持前端的 API,因为从一开始,Web 应用程序就是一个.NET 大单体。西雅图的 API 团队在将拆分单体,并逐步暴露出 RESTful API。这个 API 团队由两名工程师组成,发布周期为一个月,而我们在旧金山的...
- 2023-04-06 00:47回答 2 已采纳 chatgpt:在机械臂关节空间轨迹规划中,使用B样条和准均匀B样条确实存在一些区别。B样条曲线是由一系列控制点以及次数决定的曲线,可以通过控制点的位置和次数来调整曲线的形状。而准均匀B样条曲线则通过
- 2018-07-21 12:50回答 1 已采纳 You can define middleware for mux router, here is an example: func main() { port := ":3000"
- 2019-03-14 16:59回答 2 已采纳 So what actually ended up working for me was this. I didn't need Basic Auth (turned it off after
- 2019-01-21 09:57糖糖糖糖糖糖糖糖糖糖糖糖糖糖糖糖糖糖的博客 当时还没有可以支持前端的API,因为从一开始,Web应用程序就是一个.NET大单体。西雅图的API团队在将拆分单体,并逐步暴露出RESTful API。这个API团队由两名工程师组成,发布周期为一个月,而我们在旧金山的前端团队...
- 2016-10-10 13:10回答 1 已采纳 You could use file_get_contents and echo to screen like below: $html = file_get_contents('http://
- 2022-06-06 19:00寒冰屋的博客 在这篇文章中,您将看到一个关于如何(积极地)在您的API中防御XSS的建议。...如果您正在开发一个ASP.NET Web API项目并且没有采取措施来保护它免受XSS(跨站点脚本)的侵害,那么不幸的是,您手上有一个安全漏洞。...
- 2019-12-18 07:26dfsgwe1231的博客 适用于2019年流行前端框架和库的NPM下载 React再次成为顶级库并且仍在增长,而jQuery令人惊讶地排名第二。 紧随其后的是Angular和Vue都拥有热情的开发人员强大的用户群。 去年,斯维尔特(Svelte)受到了很多关注,...
- 2024-03-17 18:20Anislandwhale的博客 在 JavaScript 中,文档的预解析(也...缺点是可能会增加代码的复杂性和理解难度,需要开发者对预解析的规则有深入的了解。DOM,即文档对象模型,是一种编程接口,用于表示和操作 HTML 或 XML 文档的内容、结构和样式。
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 公交车和无人机协同运输
- ¥15 stm32代码移植没反应
- ¥15 matlab基于pde算法图像修复,为什么只能对示例图像有效
- ¥100 连续两帧图像高速减法
- ¥15 组策略中的计算机配置策略无法下发
- ¥15 如何绘制动力学系统的相图
- ¥15 对接wps接口实现获取元数据
- ¥20 给自己本科IT专业毕业的妹m找个实习工作
- ¥15 用友U8:向一个无法连接的网络尝试了一个套接字操作,如何解决?
- ¥30 我的代码按理说完成了模型的搭建、训练、验证测试等工作(标签-网络|关键词-变化检测)