Checksums in REST API responses_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-03-16 19:27 出处：网络

Is it a good idea to send a checksum with the content of the response? And if so, what is the most common way to calculate the che开发者_开发技巧cksum?

相关专题：php rest

Is it a good idea to send a checksum with the content of the response? And if so, what is the most common way to calculate the che开发者_开发技巧cksum?

Example:

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 21:32:20 GMT
Server: Apache
Connection: close
Content-Type: application/json

22 
{test:1}

The underlying protocol for HTTP is TCP which already has a checksum mechanism, so I think it would be useless.

If you still need this kind of thing you could calculate a SHA1 signature of the body content and include it as a custom header in your response, something like

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 21:32:20 GMT
Server: Apache
Connection: close
Content-Type: application/json
X-Checksum: 40325305549f7a09edb51ff8df9528ffd8434ac6

You could always use the Content-MD5 header (see RFCs 2616 & 1864).

For what? Basically TCP pretty much handles that for you (since it's supposed to be a reliable protocol), so a checksum is less necessary and arguably redundant.

However, if you were to insist on it, I'd simply add an X-Checksum HTTP header of some kind.