HTTP 超文本傳輸協定區分 header 和 body 兩個部份,我們可以使用下列方式單獨取出 header 來查看
ben@ben-UX305CA:~$ curl --head https://jsonplaceholder.typicode.com/posts/1 HTTP/1.1 200 OK Date: Fri, 21 Jul 2017 02:09:10 GMT Content-Type: application/json; charset=utf-8 Content-Length: 292 Connection: keep-alive Set-Cookie: __cfduid=d202b5717ee9bfe89c339aa98c18de2141500602950; expires=Sat, 21-Jul-18 02:09:10 GMT; path=/; domain=.typicode.com; HttpOnly X-Powered-By: Express Vary: Origin, Accept-Encoding Access-Control-Allow-Credentials: true Cache-Control: public, max-age=14400 Pragma: no-cache Expires: Fri, 21 Jul 2017 06:09:10 GMT X-Content-Type-Options: nosniff Etag: W/"124-yiKdLzqO5gfBrJFrcdJ8Yq0LGnU" Via: 1.1 vegur CF-Cache-Status: HIT Server: cloudflare-nginx CF-RAY: 381a9dd9de540d73-SJC
如果我們自己開發 API 時,但又希望只有擁有合法的 API KEY 的使用者才能使用該 API,我們可以自訂 header 參數,把 API KEY 加到 header 裡面。
以下是 client 端的程式碼:
$url = 'http://172.17.0.11/apikey/';
// $query = urlencode('where={"steps":9243}');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt(
$ch,
CURLOPT_HTTPHEADER,
array(
'X-Parse-Application-Id: myApplicationID',
'X-Parse-REST-API-Key: myRestAPIKey',
'Content-Type: application/json'
)
);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
echo $result;
再來我們可以在該 API 頁面先做簡單測試,看可不可以取得自訂的 header,因為 apache 版本的關係,建議使用方法1 比較方便。
以下是 Server API 端的程式碼:
方法1:
$header = apache_request_headers(); echo '<pre>'; print_r($header); echo '</pre>'; die();
方法1 結果:
Array
(
[Host] => 172.17.0.11
[Accept] => */*
[X-Parse-Application-Id] => myApplicationID
[X-Parse-REST-API-Key] => myRestAPIKey
[Content-Type] => application/json
)
方法2:
echo '<pre>'; print_r($_SERVER); echo '</pre>'; die();
方法2 結果:(注意-變成_,且前面自動加入HTTP)
Array
(
[HTTP_HOST] => 172.17.0.11
[HTTP_ACCEPT] => */*
[HTTP_X_PARSE_APPLICATION_ID] => myApplicationID
[HTTP_X_PARSE_REST_API_KEY] => myRestAPIKey
[CONTENT_TYPE] => application/json
[PATH] => /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[SERVER_SIGNATURE] =>
Apache/2.2.15 (CentOS) Server at 172.17.0.11 Port 80
[SERVER_SOFTWARE] => Apache/2.2.15 (CentOS)
[SERVER_NAME] => 172.17.0.11
[SERVER_ADDR] => 172.17.0.11
[SERVER_PORT] => 80
[REMOTE_ADDR] => 172.17.0.11
[DOCUMENT_ROOT] => /var/www/html
[SERVER_ADMIN] => root@localhost
[SCRIPT_FILENAME] => /var/www/html/apikey/index.php
[REMOTE_PORT] => 45894
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /apikey/
[SCRIPT_NAME] => /apikey/index.php
[PHP_SELF] => /apikey/index.php
[REQUEST_TIME_FLOAT] => 1500603476.817
[REQUEST_TIME] => 1500603476
)
一旦可以順利取得值後,我們就可以用來判斷是否有權限來執行該 API,甚至可以利用資料庫來增加 API KEY 的使用期限,一旦過期就無法使用等功能。