HTTP (the Hypertext Transfer Protocol) splits a message into two parts, the header and the body. We can fetch only the headers for inspection with the following command:

```text
ben@ben-UX305CA:~$ curl --head https://jsonplaceholder.typicode.com/posts/1
HTTP/1.1 200 OK
Date: Fri, 21 Jul 2017 02:09:10 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 292
Connection: keep-alive
Set-Cookie: __cfduid=d202b5717ee9bfe89c339aa98c18de2141500602950; expires=Sat, 21-Jul-18 02:09:10 GMT; path=/; domain=.typicode.com; HttpOnly
X-Powered-By: Express
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Cache-Control: public, max-age=14400
Pragma: no-cache
Expires: Fri, 21 Jul 2017 06:09:10 GMT
X-Content-Type-Options: nosniff
Etag: W/"124-yiKdLzqO5gfBrJFrcdJ8Yq0LGnU"
Via: 1.1 vegur
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 381a9dd9de540d73-SJC
```
If we develop our own API but want only users who hold a valid API key to be able to call it, we can define custom header fields and carry the API key in the header.

Here is the client-side code:

```php
<?php
// Client: send the application id and API key as custom request headers.
$url = 'http://172.17.0.11/apikey/';
// $query = urlencode('where={"steps":9243}');

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt(
    $ch,
    CURLOPT_HTTPHEADER,
    array(
        'X-Parse-Application-Id: myApplicationID',
        'X-Parse-REST-API-Key: myRestAPIKey',
        'Content-Type: application/json'
    )
);
// Return the response as a string instead of printing it directly.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
echo $result;
```
Next, we can run a quick test on the API page to see whether the custom headers can be read. Because of the Apache version, method 1 is recommended as the more convenient one.

Here is the server-side API code:

Method 1:

```php
<?php
// Server, method 1: apache_request_headers() returns the request headers
// under their original names (only available under the Apache SAPI).
$header = apache_request_headers();
echo '<pre>';
print_r($header);
echo '</pre>';
die();
```

Result of method 1:

```text
Array
(
    [Host] => 172.17.0.11
    [Accept] => */*
    [X-Parse-Application-Id] => myApplicationID
    [X-Parse-REST-API-Key] => myRestAPIKey
    [Content-Type] => application/json
)
```

Method 2:

```php
<?php
// Server, method 2: request headers are also exposed in $_SERVER,
// renamed to the CGI form HTTP_<NAME> with dashes turned into underscores.
echo '<pre>';
print_r($_SERVER);
echo '</pre>';
die();
```

Result of method 2 (note that `-` becomes `_` and `HTTP_` is automatically prefixed):

```text
Array
(
    [HTTP_HOST] => 172.17.0.11
    [HTTP_ACCEPT] => */*
    [HTTP_X_PARSE_APPLICATION_ID] => myApplicationID
    [HTTP_X_PARSE_REST_API_KEY] => myRestAPIKey
    [CONTENT_TYPE] => application/json
    [PATH] => /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    [SERVER_SIGNATURE] => Apache/2.2.15 (CentOS) Server at 172.17.0.11 Port 80
    [SERVER_SOFTWARE] => Apache/2.2.15 (CentOS)
    [SERVER_NAME] => 172.17.0.11
    [SERVER_ADDR] => 172.17.0.11
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 172.17.0.11
    [DOCUMENT_ROOT] => /var/www/html
    [SERVER_ADMIN] => root@localhost
    [SCRIPT_FILENAME] => /var/www/html/apikey/index.php
    [REMOTE_PORT] => 45894
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => GET
    [QUERY_STRING] =>
    [REQUEST_URI] => /apikey/
    [SCRIPT_NAME] => /apikey/index.php
    [PHP_SELF] => /apikey/index.php
    [REQUEST_TIME_FLOAT] => 1500603476.817
    [REQUEST_TIME] => 1500603476
)
```

Once the values can be read successfully, we can use them to decide whether the caller is authorized to run the API. We can even keep the API keys in a database to give each key a validity period, so that a key can no longer be used once it has expired.
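The following server-side script is an added example (it is not code from the original post) that carries the two ideas above through: it reads the custom headers with either method 1 or method 2 depending on which the SAPI supports, then checks the key against a table with an expiry time. The key table, the `getRequestHeader` and `validateApiKey` helper names, and the expiry dates are all constructed for this example; the post's own setup would load the keys from a database instead. The comparison uses `hash_equals()` so that a mismatch takes the same time regardless of how many leading characters match.

```php
<?php
// Added example, not part of the original post: validate the
// X-Parse-Application-Id / X-Parse-REST-API-Key headers with an expiry per key.
declare(strict_types=1);

/**
 * Read one request header regardless of SAPI.
 * Uses apache_request_headers() when available (method 1 in the post);
 * otherwise falls back to $_SERVER, where "X-Parse-REST-API-Key" appears as
 * HTTP_X_PARSE_REST_API_KEY (method 2 in the post).
 */
function getRequestHeader(string $name): ?string
{
    if (function_exists('apache_request_headers')) {
        foreach (apache_request_headers() as $key => $value) {
            if (strcasecmp($key, $name) === 0) {   // header names are case-insensitive
                return $value;
            }
        }
        return null;
    }
    $serverKey = 'HTTP_' . strtoupper(str_replace('-', '_', $name));
    return $_SERVER[$serverKey] ?? null;
}

/**
 * Return the application id when the key matches and has not expired, null otherwise.
 * $keys maps application id => ['key' => string, 'expires' => unix timestamp].
 */
function validateApiKey(array $keys, ?string $appId, ?string $apiKey, int $now): ?string
{
    if ($appId === null || $apiKey === null || !isset($keys[$appId])) {
        return null;                                  // missing header or unknown app
    }
    $record = $keys[$appId];
    if (!hash_equals($record['key'], $apiKey)) {      // constant-time comparison
        return null;
    }
    if ($record['expires'] <= $now) {
        return null;                                  // key has expired
    }
    return $appId;
}

// Constructed key table standing in for the database the post mentions.
$apiKeys = [
    'myApplicationID' => ['key' => 'myRestAPIKey', 'expires' => strtotime('2018-07-21 02:09:10 UTC')],
    'expiredAppID'    => ['key' => 'oldRestAPIKey', 'expires' => strtotime('2017-01-01 00:00:00 UTC')],
];

$appId = validateApiKey(
    $apiKeys,
    getRequestHeader('X-Parse-Application-Id'),
    getRequestHeader('X-Parse-REST-API-Key'),
    time()
);

header('Content-Type: application/json');
if ($appId === null) {
    http_response_code(401);                          // same answer for unknown, wrong and expired keys
    echo json_encode(['error' => 'invalid or expired API key']);
    exit;
}
echo json_encode(['ok' => true, 'app' => $appId]);
```

Sending the client request from the post against this script returns `{"ok":true,"app":"myApplicationID"}` until the constructed expiry date passes; a wrong, missing or expired key gets the same 401 response, so the error message does not reveal which of the three checks failed.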