我有一个代码,我知道如何使用链接执行某些API调用,它看起来像这样
<a class="btn btn-default" href="https://testapi.internet.bs/Domain/Transfer/Initiate?ApiKey='.$user.'&Password='.$pass.'&Domain='.$domain.$ext.'" role="button">Restart Transfer</a>
这样可行,但在页面上当然会显示ApiKey =(actualKey)以及用户和PASSWORD,这不是我想要的。我理解这是它在链接中的工作方式,但我怎样才能用一个按钮来实现。
<form method="post" action="">
<button type="submit" class="btn btn-warning btn-lg btn-block" name="restartTransfer">Restart Transfer</button>
</form>
我猜测PHP的动作如(不说这是方式,任何方式都是使用php,jquery或javascript赞赏)
if(isset($_POST['restartTransfer'])) {
}
现在我确实这样做了
$(document).ready(function(){
$("button[name = 'restartTransfer']").click(function(){
window.location = "https://testapi.internet.bs/Domain/Transfer/Initiate?ApiKey=<?php print $user;?>&Password=<?php print $pass;?>&Domain=<?php print $domain;?>";
});
});
但是这并没有隐藏它,这只是启动显示API密钥用户的Web浏览器窗口并传递..
如何在按钮按钮中隐藏API信息(如果可能,在同一页面中)
这个想法将是
谢谢。
答案 0 :(得分:2)
这可能会隐藏浏览器地址栏中用户的实际网址。但是,它不会通过分析网络请求或查看网页源来保护凭据不被查看。我建议使用PHP代理使其更安全。
$("button[name='restartTransfer']").click(function() {
$.ajax({
url: "https://testapi.internet.bs/Domain/Transfer/Initiate?ApiKey=<?php print $user;?>&Password=<?php print $pass;?>&Domain=<?php print $domain;?>",
type: 'GET',
dataType: 'text/plain',
success: function(data) {
$('#message').text(data); // print results
},
error: function(xhr) {
console.log('Error', xhr);
}
});
});
答案 1 :(得分:0)
使用curl你可以用php
来保证安全<?php
类EBCommon { 公共函数调用($ sessionId,$ sessionInfo,$ realUser,$ url,$ parameters) { $ apiUrl =&#34; http://mycompany.edubrite.com/oltpublish/site/&#34 ;; $ curl_request = curl_init();
curl_setopt($curl_request, CURLOPT_URL, $apiUrl . $url);
curl_setopt($curl_request, CURLOPT_HEADER, 1);
curl_setopt($curl_request, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl_request, CURLOPT_POSTFIELDS, $parameters);
if($sessionId != null){
$cookieStr = "SESSION_ID=" . $sessionId;
if($sessionInfo != null){
$cookieStr .= "; SESSION_INFO=" . $sessionInfo;
}
//print($cookieStr . "\n");
curl_setopt($curl_request, CURLOPT_COOKIE, $cookieStr);
if($realUser != null){
$headerStr = array("REAL_UNAME: ".$realUser);
curl_setopt($curl_request, CURLOPT_HTTPHEADER, $headerStr);
}
}
$response = curl_exec($curl_request);
//print($response);
$error = curl_error($curl_request);
$result = array(
'body' => '',
'error' => '',
'http_code' => '',
'session_info' => '',
'session_id' => ''
);
if ( $error != "" )
{
$result['error'] = $error;
return $result;
}
$header_size = curl_getinfo($curl_request,CURLINFO_HEADER_SIZE);
$header = substr($response, 0, $header_size);
$result['body'] = substr( $response, $header_size );
$result['http_code'] = curl_getinfo($curl_request,CURLINFO_HTTP_CODE);
curl_close($curl_request);
preg_match_all('/Set-Cookie:\s{0,}(?P<name>[^=]*)=(?P<value>[^;]*).*?$/im', $header, $cookies, PREG_SET_ORDER);
foreach ($cookies as $match) {
if($match["name"] == "SESSION_ID"){
$result['session_id'] = $match["value"];
}
if($match["name"] == "SESSION_INFO"){
$result['session_info'] = $match["value"];
}
}
return $result;
}
} ?&GT;