Can call interface is now no matter who, one is that the data is not safe, 2 it is afraid of someone malicious attacks on the server, then how to deal with?

CodePudding user response:

Attestation + token

CodePudding user response:

1, Token authorized certification, to prevent unauthorized users to access data;

2, the timestamp timeout mechanism;

3, URL's signature, to prevent the request parameters been tampered with;

4, prevent replay, prevent the interface is the second request, the acquisition;

5, using the HTTPS protocol, prevent plaintext data transmission;