I'm trying to hide my api key, so it is no accessible for quota reasons. The api just retrieves data that is recipes, so no credit card details etc is going on.
Ive been working on this for the past few days all day/night since Im pretty new to php, but it seemed stackoverflow in general was saying there needs to be some sort of proxy. This is what I created and I would like to know if it is secure enough.
App.js
// I make an axios post request to script.php, passing along a 'searchfield' value. Lets say its "apples"
script.php
// receives the 'searchfield' value, then initiates a curl request to the api with my keycode/searchfield etc.
// This returns the response for apples which is an array of objects back to App.js
my script.php looks along the lines of this, anything Im missing?
$ch = curl_init();
$url = 'https://fake.com?api_key=1234';
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL,$url);
$result=curl_exec($ch);
curl_close($ch);
答案 0 :(得分:1)
Since it is on the PHP Side of things which is a Server Side Language and is not viewable from the outside world you are good to go on the security thing as long you do have a user system in place. If you don't they can abuse this api key by just calling your file.
So leaving the security way of things, it would be wise to store your api key to a constant, so on future requests you won't have to type it again, and in case you request a change of your api key, you won't have to change it from everywhere.
There are also good libraries for consuming REST APIs, which you can search on the web.