weixin_33716557 2015-05-26 17:12 采纳率: 0%
浏览 79

如何使用php隐藏API密钥?

everyone. I'm trying to create league of legend api, but I need to hide the api key. I know there is no way to hide the key from the front-end, so this is how I did it, I'm not sure this is the best way to do it. Please help me!! Thanks!

HTML.file

var getID = function(playerName) {
  $.ajax({
    type: "POST",
    url:"test.php",
    dataType:'json', 
        data: {'url': "api/lol/na/v1.4/summoner/by-name/"+playerName+"?"},
    success: function(data){
       playerID = data[playerName].id;
       console.log(playerID);
    }
  });
};

So every time I'm calling ajax, I'm making a ajax request to the test.php file, and pass the url to it, then the php code will use the url to get request from the game server and send back the result to front-end.

test.php

<?php 
  header('Content-Type: application/json');

  $url = $_POST['url']; 

  $json = file_get_contents('https://na.api.pvp.net/'.$url.'api_key=key');

  $obj = json_decode($json);
  echo json_encode($obj, JSON_PRETTY_PRINT);
?>
  • 写回答

1条回答 默认 最新

  • weixin_33701294 2015-05-26 17:17
    关注

    As long as the Ajax request will only trigger for a valid, authenticated user with an established session this looks good. Otherwise, anyone could call it with arbitrary 'playerNames'.

    It will definitely prevent your API key from being exposed.

    评论

报告相同问题?