doutuo7156 2018-05-28 18:43 采纳率: 100%
浏览 66
已采纳

隐藏api密钥,php

I'm trying to hide my api key, so it is no accessible for quota reasons. The api just retrieves data that is recipes, so no credit card details etc is going on.

Ive been working on this for the past few days all day/night since Im pretty new to php, but it seemed stackoverflow in general was saying there needs to be some sort of proxy. This is what I created and I would like to know if it is secure enough.

App.js
// I make an axios post request to script.php, passing along a 'searchfield' value. Lets say its "apples"

script.php
// receives the 'searchfield' value, then initiates a curl request to the api with my keycode/searchfield etc.
// This returns the response for apples which is an array of objects back to App.js

my script.php looks along the lines of this, anything Im missing?

$ch = curl_init();
    $url = 'https://fake.com?api_key=1234';
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_URL,$url);
    $result=curl_exec($ch);
    curl_close($ch);
  • 写回答

1条回答 默认 最新

  • douyinzha5820 2018-05-28 18:52
    关注

    Since it is on the PHP Side of things which is a Server Side Language and is not viewable from the outside world you are good to go on the security thing as long you do have a user system in place. If you don't they can abuse this api key by just calling your file.

    So leaving the security way of things, it would be wise to store your api key to a constant, so on future requests you won't have to type it again, and in case you request a change of your api key, you won't have to change it from everywhere.

    There are also good libraries for consuming REST APIs, which you can search on the web.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 access中怎么分割分别获取一下图中的值
  • ¥15 keras_tcn已经安装成功,还是显示ModuleNotFoundError: No module named 'keras_tcn'
  • ¥15 类图中关联与聚合的区别
  • ¥15 ENVI高分五号去除云层的方法
  • ¥15 16进制数据如何得到奇偶校验位
  • ¥15 求合并两个字节流VB6代码
  • ¥15 Pyqt 如何正确的关掉Qthread,并且释放其中的锁?
  • ¥30 网站服务器通过node.js部署了一个项目!前端访问失败
  • ¥15 WPS访问权限不足怎么解决
  • ¥15 java幂等控制问题