I am using Phil Sturgeon's & Chris Kacerguis' RESTful server (see https://github.com/chriskacerguis/codeigniter-restserver) and have a general question about the use of API KEYS. I am very new to APIs and the concepts.
How do KEYS work? There is a table called KEYS defined as follows:
Default table schema:

    CREATE TABLE `keys` (
      `id` INT(11) NOT NULL AUTO_INCREMENT,
      `user_id` INT(11) NOT NULL,
      `key` VARCHAR(40) NOT NULL,
      `level` INT(2) NOT NULL,
      `ignore_limits` TINYINT(1) NOT NULL DEFAULT '0',
      `is_private_key` TINYINT(1) NOT NULL DEFAULT '0',
      `ip_addresses` TEXT NULL DEFAULT NULL,
      `date_created` INT(11) NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

There are methods in a class called KEYS as follows:
index_put() // key created. builds a new key.
index_delete() // Remove a key from the database to stop it working.
level_post() // Update Key. Change the level.
suspend_post() // Update Key. Change the level.
regenerate_post() // Regenerate key. Remove a key from the database to stop it working.
As this package is not well documented and I am new to APIs, how does the above work? For example, do I generate 1 key and insert it into the db permanently? Why is there a delete method?
From my readings, it sounds like I generate an initial X-API-KEY for the app and then when the client uses a resource I would swap the X-API-KEY for another key using the KEYS class. I would delete it, too, but when? ... or am I all screwed up in my understanding?
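Answer 0 (score: 1)
There are a lot of good questions here.
"How do KEYS work?"
A RESTful API service may serve many different users, so an API key is an individual key used to grant access to the REST API. This way, the service administrator can grant or revoke access for different users, or modify the permissions granted to each user.
"Why is there a delete method?"
This is for revoking API access for a particular key. There could be many reasons to use it. An API user may have violated the terms of service, or, if it is a paid service, their subscription may have ended or been revoked. It allows administrators to cut off a user's access to the API service. This should also answer your "When?" question.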
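
The key lifecycle discussed above (issue once, check on every request, delete to revoke, regenerate to rotate), as an added example that is not part of the original answer and is not the library's own code. It is a standalone Python/SQLite model of the `keys` table from the question; the function names are hypothetical, and it assumes `level` is a minimum permission level and `ip_addresses` is a comma-separated allow-list.

```python
import secrets
import sqlite3
import time

def open_db():
    """In-memory stand-in for the page's `keys` table (SQLite types)."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE keys (
        id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL,
        key VARCHAR(40) NOT NULL, level INTEGER NOT NULL,
        ignore_limits INTEGER NOT NULL DEFAULT 0,
        is_private_key INTEGER NOT NULL DEFAULT 0,
        ip_addresses TEXT NULL DEFAULT NULL, date_created INTEGER NOT NULL)""")
    return db

def create_key(db, user_id, level=1, ip_addresses=None):
    """Issue one long-lived key per client; 40 hex chars from the OS CSPRNG."""
    key = secrets.token_hex(20)
    db.execute("INSERT INTO keys (user_id, key, level, ip_addresses, date_created)"
               " VALUES (?, ?, ?, ?, ?)",
               (user_id, key, level, ip_addresses, int(time.time())))
    return key

def check_key(db, presented, required_level=1, client_ip=None):
    """Per-request check of the X-API-KEY value; returns user_id or None."""
    row = db.execute("SELECT user_id, level, ip_addresses FROM keys WHERE key = ?",
                     (presented or "",)).fetchone()
    if row is None:                      # unknown, deleted or replaced key
        return None
    user_id, level, ips = row
    if level < required_level:           # assumption: higher level = more access
        return None
    if ips and client_ip not in [ip.strip() for ip in ips.split(",")]:
        return None                      # assumption: comma-separated allow-list
    return user_id

def delete_key(db, key):
    """Revocation: once the row is gone, check_key() rejects the key."""
    return db.execute("DELETE FROM keys WHERE key = ?", (key,)).rowcount == 1

def regenerate_key(db, old_key):
    """Rotation: issue a replacement with the same owner and level, drop the old."""
    row = db.execute("SELECT user_id, level, ip_addresses FROM keys WHERE key = ?",
                     (old_key,)).fetchone()
    if row is None:
        return None
    new_key = create_key(db, *row)
    delete_key(db, old_key)
    return new_key
```

The same key is presented on every request until it is revoked or rotated; nothing is swapped per request.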