I have a PHP web application that I want to make accessible across multiple clients. So, I'm trying to make it more like an API. My question is: How would I handle the creation of new users using the API? If I have开发者_如何学Go a URL like http://example.com/user/signup which takes new user details and creates a new user via a POST request, wouldn't it be a problem that people can misuse it and create fake users easily?
i would recommend only allowing open id in the API, as it would be hard to implement bot preventing schemes into it (captcha ...)
anyway even open id isint that a great idea in the API are you sure you need registration available thru the API ?
What you need to do is use something like OAuth to authenticate access to your system from registered 'apps'. Then the clients can register for access and receive a token key and secret. Then they can use these things to create a request for an access token. Both parties sign the token using the secret and then they can use the encrypted access token to hit the API. Your server verifies the incoming token using the secret that only you and the authorized clients could have. Now it's secure.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论