如何通过JSON安全地发送用户凭据

时间:2016-11-11 12:26:47

标签: json ajax ssl

我阅读了几篇关于安全地通过JSON发送请求的文章,大多数问题导致使用https(SSL)。

即使是SSL服务器,当我们通过ajax发送凭据时,也可以从html源代码查看它。(这是一个非常愚蠢的问题吗?我问,因为我不知道)。

有人可以用正确的方式指导我,如何使用JSON安全地向API发送请求。

以下是我的UPS示例代码:

<script>
$(document).ready(function() {
    //all variables are assigned before sending, I've trimmed the code
    var formData = { "UPSSecurity": { "UsernameToken": { "Username": "xxxxxx", "Password": "xxxxxx" }, "ServiceAccessToken": { "AccessLicenseNumber": "xxxxxxxxxx" } }, "ShipmentRequest": { "Request": { "RequestOption": "validate", "TransactionReference": { "CustomerContext": "Test" } }, "Shipment": { "Description": "Description", "Shipper": { "Name": "Test Name", "AttentionName": "xxxxxx", "TaxIdentificationNumber": "123456", "Phone": { "Number": "1234567890", "Extension": "1" }, "ShipperNumber": "xxxxxx", "FaxNumber": "1234567890", "Address": { "AddressLine": "2311 York Rd", "City": "Sebastopol", "StateProvinceCode": "CA", "PostalCode": "95473", "CountryCode": "US" } }, "ShipTo": { "Name": to_name, "AttentionName": to_name, "Phone": { "Number": to_Phone }, "Address": { "AddressLine": to_AddressLine, "City": to_City, "StateProvinceCode": to_StateProvinceCode, "PostalCode": to_PostalCode, "CountryCode": to_CountryCode } }, "ShipFrom": { "Name": from_name, "AttentionName": from_name, "Phone": { "Number": from_Phone }, "FaxNumber": "1234567890", "Address": { "AddressLine": from_AddressLine, "City": from_City, "StateProvinceCode": from_StateProvinceCode, "PostalCode": from_PostalCode, "CountryCode": from_CountryCode } }, "PaymentInformation": { "ShipmentCharge": { "Type": "01", "BillShipper": { "AccountNumber": "xxxxxx" } } }, "Service": { "Code": service_code, "Description": service_description }, "Shi8mentRatingOptions": { "NegotiatedRatesIndicator": "0" }, "Package": { "Description": "Description", "Packaging": { "Code": "02", "Description": "Description" }, "Dimensions": { "UnitOfMeasurement": { "Code": "IN", "Description": "Inches" }, "Length": length, "Width": width, "Height": height }, "PackageWeight": { "UnitOfMeasurement": { "Code": "LBS", "Description": "Pounds" }, "Weight": weight } } }, "LabelSpecification": { "LabelImageFormat": { "Code": "GIF", "Description": "GIF" } } } };

    $.ajax({
        type       : "POST",
        url        : "https://wwwcie.ups.com/rest/Ship",
        crossDomain: true,
        timeout    : 240000,
        contentType: 'application/json',
        data       : JSON.stringify(formData),
        dataType   : 'json',
        success    : function(response)
        {
            //process response
        }  
    }); 
}); 
</script>

如何通过保护我的用户凭据安全地发送此类请求。

感谢。

0 个答案:

没有答案