weixin_33716557 2015-05-26 17:12 Acceptance rate: 0%
Views: 79

How do I hide an API key using PHP?

Everyone, I'm trying to create a League of Legends API, but I need to hide the API key. I know there is no way to hide the key from the front-end, so this is how I did it. I'm not sure this is the best way to do it. Please help me!! Thanks!

HTML.file

var getID = function(playerName) {
  $.ajax({
    type: "POST",
    url: "test.php",
    dataType: 'json',
    data: {'url': "api/lol/na/v1.4/summoner/by-name/" + playerName + "?"},
    success: function(data) {
      playerID = data[playerName].id;
      console.log(playerID);
    }
  });
};

So every time I'm calling ajax, I'm making an ajax request to the test.php file and passing the url to it; then the PHP code will use the url to make the request to the game server and send the result back to the front-end.

test.php

<?php 
  header('Content-Type: application/json');

  $url = $_POST['url']; 

  $json = file_get_contents('https://na.api.pvp.net/'.$url.'api_key=key');

  $obj = json_decode($json);
  echo json_encode($obj, JSON_PRETTY_PRINT);
?>

1 answer

  • weixin_33701294 2015-05-26 17:17

    As long as the Ajax request will only trigger for a valid, authenticated user with an established session this looks good. Otherwise, anyone could call it with arbitrary 'playerNames'.

    It will definitely prevent your API key from being exposed.

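The answer's condition (only an authenticated session may trigger the request), combined with a URL built entirely on the server, as an added example that is not part of the original post or answer. The `RIOT_API_KEY` environment variable, the `$_SESSION['user_id']` check, the `playerName` POST field and the name-length limits are assumptions; the host and path are taken from the question.

```php
<?php
// Added example: hardened variant of test.php (not the original poster's code).
// Assumptions: key in the RIOT_API_KEY environment variable, login code elsewhere
// sets $_SESSION['user_id'], and the client POSTs 'playerName' instead of 'url'.
const UPSTREAM = 'https://na.api.pvp.net/api/lol/na/v1.4/summoner/by-name/';

function fail(int $status, string $message): void
{
    http_response_code($status);
    echo json_encode(['error' => $message]);
    exit;
}

// Build the upstream URL from a validated name only; null means rejected.
function buildSummonerUrl(string $playerName, string $apiKey): ?string
{
    // Letters, digits, spaces, underscores, dots; 3-16 chars (assumed limits).
    if (!preg_match('/^[\p{L}\p{N} _.]{3,16}$/u', $playerName)) {
        return null;
    }
    return UPSTREAM . rawurlencode($playerName)
        . '?' . http_build_query(['api_key' => $apiKey]);
}

header('Content-Type: application/json');
session_start();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    fail(405, 'POST required');
}
if (empty($_SESSION['user_id'])) {   // only logged-in users may use the proxy
    fail(401, 'not authenticated');
}
$apiKey = getenv('RIOT_API_KEY');
if ($apiKey === false || $apiKey === '') {
    fail(500, 'server misconfigured');
}
$name = $_POST['playerName'] ?? '';
$url = is_string($name) ? buildSummonerUrl($name, $apiKey) : null;
if ($url === null) {
    fail(400, 'invalid player name');
}
// Short timeout; ignore_errors returns the body even on a non-2xx status.
$ctx = stream_context_create(['http' => ['timeout' => 5, 'ignore_errors' => true]]);
// '@' suppresses the warning text, which would contain the URL and the key.
$json = @file_get_contents($url, false, $ctx);
$data = ($json === false) ? null : json_decode($json, true);
if (!is_array($data)) {
    fail(502, 'upstream request failed');
}
echo json_encode($data, JSON_PRETTY_PRINT);
```

Because the client no longer supplies any part of the path, the key can only ever be attached to the one summoner-lookup endpoint.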
