精华内容
下载资源
问答
  • API密钥

    千次阅读 2015-11-02 11:30:00
    什么是API密钥?  答:在api调用时,用来按照指定规则对您的请求参数进行签名,服务器收到你的请求时会进行签名验证,即可以界定你的身份也可以防止其他人通过某种手段恶意篡改你的请求数据。   密钥的使用? ...

    什么是API密钥?

      答:在api调用时,用来按照指定规则对您的请求参数进行签名,服务器收到你的请求时会进行签名验证,即可以界定你的身份也可以防止其他人通过某种手段恶意篡改你的请求数据。

     

    密钥的使用?

      答:密钥可以附在URL后面,然后去调用api接口,也可以用头部header方式添加到header中,然后再去调用api接口。

    展开全文
  • it-project-code-unorganised 你必须在你的代码中添加一些 api 密钥才能工作,为了安全起见,我已经删除了我的 api 密钥,所以你添加了 api 密钥
  • 商户密钥和api密钥Similar to the SSL keys, API keys too are being considered to be an important factors for strengthening security in Cloud Hosting environment. 与SSL密钥相似,API密钥也被视为增强Cloud...

    商户密钥和api密钥

    Similar to the SSL keys, API keys too are being considered to be an important factors for strengthening security in Cloud Hosting environment.

    与SSL密钥相似,API密钥也被视为增强Cloud Hosting环境中安全性的重要因素。

    There have been a lot of concerns and disagreements about the data Security in Cloud. Hence there are many new advancements that are happening with an interest of improving the data security in Cloud. Many enterprises have started to make use of some form of API keys for accessing the cloud services. Therefore, protecting the API keys has become crucial as well. The information described in this article, would help understand the issues that comes without an invitation when protecting API keys, and offer few solutions to these concerns.

    对云中的数据安全性存在很多担忧和分歧。 因此,为了改善Cloud中的数据安全性,正在发生许多新进展。 许多企业已开始使用某种形式的API密钥来访问云服务。 因此,保护​​API密钥也变得至关重要。 本文中描述的信息将帮助您理解保护API密钥时不需邀请的问题,并针对这些问题提供很少的解决方案。

    The crucially important API Keys would be realized in the near future and enterprises would be able to better understand the necessity of protecting these keys. These keys FYI. would offer a direct access to your cloud hence the data stored in it. Incase an enterprise, firm or the company tends to overlook severity of managing the API’s, then it goes unsaid that they are inviting risks ie. (a) Users who are not authorized to access confidential information and (b) The increasing amount of credit card bills just because some unauthorized individual has got an access and the Cloud’s pay-per-use tracker is monitoring the resource consumption in your Public or Shared cloud.

    至关重要的API密钥将在不久的将来实现,企业将能够更好地了解保护这些密钥的必要性。 这些键仅供参考。 可以直接访问您的云,因此可以存储其中的数据。 如果一个企业,公司或公司倾向于忽视管理API的严重性,那么就不用说它们正在招致风险。 (a)未经授权访问机密信息的用户,以及(b)信用卡账单数量的增加,仅仅是因为某些未经授权的个人可以访问,并且Cloud的按使用情况付费跟踪器正在监视您的Public或共享云

    This is similar to having a credit card of yours without your knowledge or consent and making purchase.

    这类似于在您不知情或未同意的情况下拥有您的信用卡并进行购买。

    Most of the Cloud hosting services are being accessed via. a traditional web interfaces. While some others use a REST Web Services, which are also known as API’s. There is a similarity in the concepts that exists in the much heavier C++ or Visual Basis APIs of the past. But are bit more simpler and can be influenced via. Web page or even through a cell phone. Hence it can be noticed universally. To cut it short, the API Keys are brought to use for the purpose of accessing the Cloud services. Today with the increasing number of organisations using Cloud, more-and-more of them are getting connected to the cloud services through their own premises, further without their knowledge they are also getting connected to some other cloud of some other company. Therefore, it becomes even necessary that the connections are established securely.

    大多数的云托管服务都可以通过访问。 传统的Web界面。 有些则使用REST Web服务,也称为API。 过去使用的较重的C ++或Visual Basis API中存在的概念存在相似之处。 但是更简单一些,可以通过它来影响。 网页甚至通过手机。 因此,它可以被普遍注意到。 简而言之,为了访问云服务而使用了API密钥。 如今,随着越来越多的组织使用云计算,越来越多的组织通过自己的场所连接到云服务,而且在不知情的情况下,他们也正在连接到其他公司的其他云。 因此,甚至必须安全地建立连接。

    Consider an example where a company is using a SaaS for the purpose of offering its employees an access to Gmail, then they’d generally get an API key from Google for enabling the single sign-on. Such an API key offered by Google would be valid only for that company and would enable users to get an access to their Gmail accounts.

    考虑一个示例,其中一家公司使用SaaS来向其员工提供对Gmail的访问权限,然后他们通常会从Google获得API密钥以启用单点登录。 Google提供的此类API密钥仅对该公司有效,并使用户能够访问其Gmail帐户。

    如何保护API密钥? (How to secure the API keys ? )

    Similar to any password or any private key, API keys too needs to be kept secure. This might have given you a hint that, these keys should not be stored as files over your file system nor should it be encapsulated within an applications. They should rather be stored encrypted.

    与任何密码或任何私钥相似,API密钥也需要保持安全。 这可能会提示您,这些密钥不应作为文件存储在文件系统上,也不应封装在应用程序中。 他们应该加密存储。

    The below solutions can be used for managing your API keys :

    以下解决方案可用于管理您的API密钥:

    A) Sending out Emails containing the API’s : It is usually a common practise observed in many companies, where the API keys are sent via. emails to developers so that they can include it in the website codes. Such a practice is way too casual and can hamper your data security.

    A)发送包含API的电子邮件 在许多公司中,API密钥是通过发送的,这是通常的惯例。 通过电子邮件发送给开发人员,以便他们可以将其包含在网站代码中。 这种做法太随意了,可能会影响您的数据安全性。

    B) Configuration Files: Furthermore, it has also been observed that, the developers include an API key within a configuration file in-a-way that it can be easily found. If you are among such individuals, then you must start considering API keys as something that is equally important as the SSL keys and are required to be managed with optimum care. Rather, incase the API keys fall in the wrong, it can cause serious damage than that in the case when private SSL keys gets disclosed.

    B) 配置文件:此外,还观察到,开发人员以一种易于找到的方式将API密钥包含在配置文件中。 如果您属于此类人士,那么您必须开始考虑将API密钥视为与SSL密钥同等重要的事物,并且需要对其进行最佳管理。 相反,如果API密钥输入错误,则与公开私有SSL密钥的情况相比,它可能导致严重的损害。

    C) Security Keys Inventory : One of the methods for avoiding concerns regarding managing API keys is to implement specific security policy about the keys. This can help you with keeping an inventory of API keys. Most of the organisation implement an alternative way by adopting an ad hoc approach for maintaining a track of their API keys.

    C)安全 密钥清单 避免担心管理API密钥的方法之一是实施有关密钥的特定安全策略。 这可以帮助您保留API密钥的清单。 大多数组织都采用一种临时方法来维持其API密钥的跟踪,从而实现了另一种方法。

    The below queries can be raised inorder to effectively managing the keys :

    为了有效地管理密钥,可以提出以下查询:

    Question i : What is the purpose of a specific key and what is it used for ?

    问题i:特定密钥的用途是什么?

    Question ii : Who would be the point of contact that would be responsible for specific keys?

    问题ii:谁将是负责特定密钥的联系人?

    Question iii : Does there exist an expiry strategy inorder to manage the expiration of a particular key? How would you be alerted about the approaching expiry? Incase you haven’t laden specific plans about managing the expired or the expiring API keys, it can result in chaos upon expiry of the passwords.

    问题iii:是否存在用于管理特定密钥过期的过期策略? 您将如何收到即将到期的警报? 如果您没有关于管理过期或过期的API密钥的具体计划,则密码过期后可能会造成混乱。

    D) Secure and Encrypted File Storage: Many-a-times it may so happen that the developer implements their own security for API keys, this might sometimes be a gamble. Despite the fact that the developer might be aware about the seriousness of the API keys and try to place it in some hard to reach location or by implementing some encryption algo. But it somebody does find an access to that location, it can easily be publicised in no time.

    D)安全和 加密的文件存储:开发人员为API密钥实施自己的安全性很多时候,这有时可能是一场赌博。 尽管开发人员可能已经意识到API密钥的严重性,并尝试将其放置在某些难以到达的位置或通过实施某种加密算法来进行开发。 但是有人确实找到了该位置的访问权限,因此可以随时轻松地将其发布。

    Considering all these varied aspects, it becomes crucial any organisation using Cloud Hosting for carrying out the business activities to give equal importance to API keys similar to the way they give to SSL keys. API keys and its management is a serious and a sensitive area, hence should be handled with enough care and caution. This would in-turn enable you to have a secure Cloud Hosting experience and keep your credit card bills restricted to only what you’ve actually used.

    考虑到所有这些不同的方面,对于使用Cloud Hosting进行业务活动的企业来说,使其对API密钥的重视程度与对SSL密钥的赋予方式一样,具有至关重要的意义。 API密钥及其管理是一个严重且敏感的领域,因此在处理时应格外小心。 反过来,这将使您拥有安全的Cloud Hosting体验,并将信用卡账单限制在仅实际使用的范围内。

    翻译自: https://www.eukhost.com/blog/webhosting/importance-of-api-keys-in-cloud/

    商户密钥和api密钥

    展开全文
  • 商户密钥和api密钥by Ramesh Lingappa 通过拉梅什·林加帕(Ramesh Lingappa) 构建安全API密钥的最佳做法 (Best practices for building secure API Keys) We all know how valuable APIs are. They’re the ...

    商户密钥和api密钥

    by Ramesh Lingappa

    通过拉梅什·林加帕(Ramesh Lingappa)

    构建安全API密钥的最佳做法 (Best practices for building secure API Keys)

    We all know how valuable APIs are. They’re the gateway to exploring other services, integrating with them, and building great solutions faster.

    我们都知道API的价值。 它们是探索其他服务,与之集成以及更快地构建出色解决方案的门户。

    You might have built or are thinking of building APIs for other developers to use. An API needs some form of authentication to provide authorised access to the data it returns.

    您可能已经构建或正在考虑构建供其他开发人员使用的API。 API需要某种形式的身份验证,以提供对其返回的数据的授权访问。

    There are several authentication standards available today such as API Keys, OAuth, JWT, etc.

    今天有几种认证标准可用,例如API密钥, OAuthJWT等。

    In this article, we’ll look at how to correctly manage API Keys to access APIs.

    在本文中,我们将研究如何正确管理API密钥以访问API。

    那么为什么要使用API​​密钥? (So Why API Keys?)

    API Keys are simple to use, they’re short, static, and don’t expire unless revoked. They provide an easy way for multiple services to communicate.

    API密钥易于使用,且简短,静态,并且除非被撤消,否则不会过期。 它们为多种服务提供了一种简便的通信方式。

    If you provide an API for your clients to consume, it’s essential for you to build it in the right way.

    如果您提供API供客户使用,则以正确的方式构建它至关重要。

    Let’s get started, and I’ll show you how to build API Keys the right way.

    让我们开始吧,我将向您展示如何正确构建API密钥。

    API密钥生成 (API Key Generation)

    Since the API key itself is an identity by which to identify the application or the user, it needs to be unique, random and non-guessable. API keys that are generated must also use Alphanumeric and special characters. An example of such an API key is zaCELgL.0imfnc8mVLWwsAawjYr4Rx-Af50DDqtlx.

    由于API密钥本身是用于标识应用程序或用户的身份,因此它必须是唯一,随机且不可猜测的。 生成的API密钥还必须使用字母数字和特殊字符。 此类API密钥的示例是zaCELgL.0imfnc8mVLWwsAawjYr4Rx-Af50DDqtlx

    安全的API密钥存储 (Secure API Key Storage)

    Since the API key provides direct access to data, it’s pretty much like a password that a user of a web or mobile app provides to gain access to the same data.

    由于API密钥可直接访问数据,因此它很像Web或移动应用程序的用户提供的用于访问相同数据的密码。

    Think about it. The reason we need to store API keys is to make sure that the API key in the request is valid and issued by us (just like a password).

    想一想。 我们需要存储API密钥的原因是,确保请求中的API密钥是有效的并由我们发出(就像密码一样)。

    We don’t need to know the raw API key, but just need to validate that the key is correct. So instead of storing the key in plain text (bad) or encrypting it, we should store it as a hashed value within our database.

    我们不需要知道原始的API密钥,而只需要验证密钥是否正确即可。 因此,我们应该将密钥作为哈希值存储在数据库中,而不是将密钥存储为纯文本(错误的)或对其进行加密。

    A hashed value means that even if someone gains unauthorised access to our database, no API keys are leaked and it’s all safe. The end user would send the raw API key in each API request, and we can validate it by hashing the API key in the request and compare the hashed key with the hash stored within our database. Here is a rough implementation of it in Java:

    哈希值表示即使有人获得了对我们数据库的未经授权的访问,也不会泄漏任何API密钥,这一切都是安全的。 最终用户将在每个API请求中发送原始API密钥,我们可以通过对请求中的API密钥进行哈希处理并将其与数据库中存储的哈希进行比较来对其进行验证。 这是在Java中的粗略实现:

    In the code above, the primary key will be a combination of the prefix and the hash of the API key {prefix}.{hash_of_whole_api_key}.

    在上面的代码中,主键将是API密钥{prefix}.{hash_of_whole_api_key}的前缀和哈希值的组合。

    But hold on, there is more. Storing a hashed value brings specific usability problems. Let’s address those now.

    但是等等,还有更多。 存储散列值会带来特定的可用性问题。 让我们现在解决这些。

    向用户展示API密钥 (Presenting the API Key to users)

    Since we don’t store the original API key, we can show it only once to the user, at the time of creation. So be sure to alert users that it cannot be retrieved again, and they need to generate a new token if they forget to copy the API key and store it safely. You can do something like this:

    由于我们不存储原始API密钥,因此在创建时只能向用户显示一次。 因此,请确保警告用户无法再次检索它,如果他们忘记复制API密钥并安全地存储它,则需要生成一个新令牌。 您可以执行以下操作:

    用户以后如何识别生成的API密钥 (How users can identify a generated API Key later)

    Another problem is how users identify the right API key in your console if they need to edit or revoke it. This can be solved by adding a prefix to the API key. Notice in the picture above the first 7 characters (that’s our prefix), separated by the dot.

    另一个问题是,如果用户需要编辑或撤消它,则如何在控制台中识别正确的API密钥。 这可以通过在API密钥上添加前缀来解决。 请注意图片中的前7个字符(这是我们的前缀),以点分隔。

    Now you can store this prefix in the database and display it in the console so users are able to quickly identify the right API key entry, like this:

    现在,您可以将此前缀存储在数据库中并在控制台中显示,以便用户能够快速识别正确的API密钥条目,如下所示:

    不要给API密钥所有权力 (Don’t give the API Key all the power)

    One common mistake that API key providers make is providing one key to access everything, since it’s easy to manage. Don’t do that. Assume that a user just needs to read an email, and generates an API key. But that key now has full access to other services, including deleting records in the database.

    API密钥提供程序犯的一个常见错误是提供一个密钥来访问所有内容 ,因为它易于管理。 不要那样做 假设用户只需要阅读一封电子邮件,并生成一个API密钥。 但是,该密钥现在可以完全访问其他服务,包括删除数据库中的记录。

    The right approach is to allow the end users to properly restrict API Key access and choose specific actions that an API key can carry out. This can be done by providing scopes, where each scope represents a specific permission.

    正确的方法是允许最终用户适当地限制对API密钥的访问,并选择API密钥可以执行的特定操作。 这可以通过提供作用域来完成,其中每个作用域代表一个特定的权限。

    For example,

    例如,

    • if you need an API key to just send emails, you can generate an API key with the scope as “email.send”

      如果您只需要一个API密钥即可发送电子邮件,则可以生成范围为“ email.send”的API密钥

    • if the end user has multiple servers and each carries out a specific action, then a separate API key can be generated with a specific scope.

      如果最终用户有多个服务器,并且每个服务器都执行特定的操作,则可以生成具有特定范围的单独的API密钥。

    So while creating the API key, allow users to select what access that API key should have, as in the image below.

    因此,在创建API密钥时,允许用户选择该API密钥应具有的访问权限,如下图所示。

    This way users can generate multiple API keys, each with specific rules of access for better security. And when an API request is received, you can check if the API Key has the right scope to access that API. Now the database looks something like this:

    这样,用户可以生成多个API密钥,每个密钥都有特定的访问规则,以提高安全性。 并且,当收到API请求时,您可以检查API密钥是否具有访问该API的正确范围。 现在数据库看起来像这样:

    限速API密钥 (Rate limiting API keys)

    Yes, you might already know it, but it is important to rate limit requests made with specific API Keys to ensure no bad actor can take down your API servers or cause performance issues that affect your other customers. Having a proper rate limiting and monitoring solution keeps the API service healthy.

    是的,您可能已经知道这一点,但是对使用特定API密钥发出的请求进行速率限制很重要,以确保没有不良行为者可以关闭您的API服务器或导致影响其他客户的性能问题。 拥有适当的速率限制和监视解决方案可使API服务保持健康。

    结论 (Conclusion)

    API keys, when built right, are still a great way to communicate with another server. As we reviewed in this article, following certain practices offers benefits to both API consumers and API providers. Hope this helps you.

    正确构建API密钥后,仍然是与另一台服务器通信的好方法。 正如我们在本文中所回顾的那样,遵循某些惯例可以为API使用者和API提供者带来好处。 希望对您有帮助。

    Happy Securing your APIs!

    祝您的API安全!

    翻译自: https://www.freecodecamp.org/news/best-practices-for-building-api-keys-97c26eabfea9/

    商户密钥和api密钥

    展开全文
  • API密钥适用于人们” 该模块是一个生成器,验证器和转换器,可以将UUID转换为人类可读的Base32-Crockford编码的API密钥。 变成这样: 9b3ac4c9-0228-4e42-a244-927059b1a5ea 到这个: KCXC9JD-08M4WGH-M9294...
  • 设置api密钥by Sam Corcos 由Sam Corcos 我应该将我的API密钥设置多长时间? (How Long Should I Make My API Key?) 计算散列值的冲突概率 (Calculating collision probabilities of hashed values) Say you ...

    设置api密钥

    by Sam Corcos

    由Sam Corcos

    我应该将我的API密钥设置多长时间? (How Long Should I Make My API Key?)

    计算散列值的冲突概率 (Calculating collision probabilities of hashed values)

    Say you built an API that generates public keys, and these keys all need to be unique and hard to guess. The most common way to do this is to use a hash function to generate a random series of numbers and letters. A typical hash looks something like the text below.

    假设您构建了一个可生成公共密钥的API,那么这些密钥都必须是唯一的且难以猜测。 最常见的方法是使用哈希函数生成随机的数字和字母系列。 典型的哈希看起来像下面的文本。

    AFGG2piXh0ht6dmXUxqv4nA1PU120r0yMAQhuc13i8

    AFGG2piXh0ht6dmXUxqv4nA1PU120r0yMAQhuc13i8

    A question that often comes up is, “How long does my hash need to be in order to ensure uniqueness?” Most people assume this is a difficult calculation. So they default to some very large number, like a 50-digit hash. The equation to approximate collision probability is actually quite simple.

    经常出现的一个问题是:“为了确保唯一性,我的哈希需要多长时间?” 大多数人认为这是一个困难的计算。 因此,它们默认使用非常大的数字,例如50位哈希。 近似碰撞概率的方程实际上很简单。

    我该如何计算? (How do I calculate?)

    Let’s assume you’re using a good cryptographic algorithm (i.e. not JavaScript’s Math.random). Every language has a decent crypto package for generating random hashes. With Phoenix, you can use the Erlang :crypto package.

    假设您使用的是好的加密算法(即不是JavaScript的Math.random )。 每种语言都有一个不错的加密软件包,用于生成随机哈希。 使用Phoenix,您可以使用Erlang :crypto包。

    There are only two pieces of information you need to do the calculation:

    您只需要执行两条信息即可进行计算:

    1. How many possible unique hash values can you create with the given inputs? We’ll assign this to the variable N.

      您可以使用给定的输入创建多少个唯一的哈希值? 我们将其分配给变量N。

    2. How many values could you possibly need to generate in the lifetime of your project? We’ll assign this to the variable k.

      在您的项目生命周期中,您可能需要生成多少个值? 我们将其分配给变量k。

    To calculate the first value, add up all the possible characters that can go into your hash. Raise it to the power of the length of your hash.

    要计算第一个值,请将所有可能包含在哈希中的字符加起来。 将其提高到哈希长度的力量。

    So for example, if your hash value contains numbers, lowercase, and uppercase letters, that adds up to 62 total characters (10 + 26 + 26) that we can use. If we are generating a hash of only 3 characters in length, then:

    因此,例如,如果您的哈希值包含数字,小写字母和大写字母,则总共可以使用62个字符(10 + 26 + 26)。 如果我们生成的长度仅为3个字符的哈希,则:

    N = 62³ = 238,328 possible values

    N =62³= 238,328可能的值

    To calculate the second value, you need to think about what your app does and make some reasonable assumptions.

    要计算第二个值,您需要考虑您的应用程序的功能并做出一些合理的假设。

    Let’s say your app is generating a hash to assign to each of your customers. Let’s also say that your app is very niche. The absolute-best case scenario, your app will have 1000 customers over its lifetime. Then, for safety’s sake, we’ll multiply that by 10. We assume that you may need to generate 10,000 values over the course of your app’s life.

    假设您的应用正在生成哈希以分配给每个客户。 我们还说您的应用程序非常利基。 在绝对最佳的情况下,您的应用在整个生命周期内将拥有1000个客户。 然后,为了安全起见,我们将其乘以10。我们假设您可能需要在应用的生命周期内生成10,000个值。

    k = 10,000 upper bound for possible values that need to be created

    k = 10,000需要创建的可能值的上限

    So now we need to calculate. There are many algorithms we can use. We’ll use one of the simple approximations, where e is the mathematical constant (the base of the natural log), and k and N are the same values as above.

    所以现在我们需要计算。 我们可以使用许多算法。 我们将使用一种简单的近似值 ,其中e是数学常数(自然对数的底数),而kN是与上述相同的值。

    The base equation gives us the probability that all values are unique. Then we subtract that result from 1 to get the odds that you have a collision. If you don’t feel like writing your own equation, I’ve provided one below written in JavaScript.

    基本方程式为我们提供了所有值都是唯一的概率。 然后,我们从1中减去该结果即可得出发生碰撞的几率。 如果您不想编写自己的方程式,请在下面提供用JavaScript编写的方程式。

    So in the example above, calculate(N, k) yields a probability of approximately 100% that you will have a collision. So for that use case, you should use a hash of more than 3 characters in length.

    因此,在上面的示例中, calculate(N,k)会产生大约100%的碰撞概率。 因此,对于该用例,应使用长度超过3个字符的哈希。

    Now, if we were to take that same example but change the length of our hash from 3 to 5, we would get an N that is much larger (exponentials are good like that).

    现在,如果我们采取同样的例子,但改变了我们从3哈希的长度为5,我们会得到一个N大得多 (指数都是这样的好)。

    N = 62⁵ = ~900,000,000

    N =62⁵=〜9亿

    Assuming the same value k, our new probability of a collision is down to only 5.4%. What if we bumped that from 5 characters to 10?

    假设值k相同,则我们发生碰撞的新概率仅为5.4% 。 如果我们将字符数从5个增加到10个怎么办?

    N = 62¹⁰ = ~800,000,000,000,000,000

    N =62¹⁰=〜800,000,000,000,000,000

    Yes, that’s ~800 quintillion unique hashes. Which bring your odds of a collision down to 0.000000000062%. This is about a 1-in-50-billion chance that you have a conflict. And that’s with a hash of 10 digits — something like: BwQ1W6soXk.

    是的,这是约800亿个独特的哈希值。 这使您的碰撞几率降至0.000000000062%。 这大约有500亿分之一的机会发生冲突。 这是10位数字的哈希-类似于:BwQ1W6soXk。

    For another example, let’s say you’re a data processing company that deals with lots of transactions. We’ll say you deal with 1 million processes per second and you need to generate a hash for each of them. Let’s also say that you think this company could run for the next 100 years.

    再举一个例子,假设您是一家处理大量交易的数据处理公司。 我们将说您每秒处理一百万个进程,并且需要为每个进程生成一个哈希。 假设您认为这家公司可以在未来100年经营。

    k = ~3,000,000,000,000,000

    k = 〜3,000,000,000,000,000

    That comes out to about 3 quadrillion hashes that you need made that all need to be unique. That’s a lot of data! But even with this extremely large number to work with, you only need a 21-digit hash to ensure a 1-in-10-million chance of collision over the lifetime of the project.

    这样就得出了大约3个需要满足所有要求的唯一性的四方哈希。 大量的数据! 但是,即使可以处理的数目如此之大,您也只需要使用21位数字的哈希值,就可以确保在项目生命周期中发生碰撞的可能性达到了十分之一。

    So the next time you’re worried about the length of your hash in ensuring uniqueness, know that you don’t need one as long as you think you do. Plus, you can do the calculation yourself without much effort.

    因此,下次您担心确保唯一性时哈希值的长度时,请知道您不需要的时间就与您认为的一样长。 另外,您可以自己进行计算,而无需花费太多精力。

    Sam Corcos is the lead developer and co-founder of Sightline Maps, the most intuitive platform for 3D printing topographical maps, as well as LearnPhoenix.io, an intermediate-advanced tutorial site for building scalable production apps with Phoenix and React.

    Sam Corcos是Sightline Maps (用于3D打印地形图的最直观的平台)以及LearnPhoenix.io (用于使用Phoenix和React构建可扩展的生产应用程序的中级高级教程网站)的首席开发人员和共同创始人。

    翻译自: https://www.freecodecamp.org/news/how-long-should-i-make-my-api-key-833ebf2dc26f/

    设置api密钥

    展开全文
  • Django REST框架API密钥 API密钥权限。 介绍 Django REST Framework API Key是一个库,用于允许服务器端客户端安全地使用您的API。 这些客户端通常是第三方后端和服务(即计算机),它们没有用户帐户,但仍需要以...
  • APISecurityBestPractices:可帮助您将秘密(API密钥,数据库凭据,证书等)保留在源代码外的资源,并在API密钥泄漏的情况下纠正此问题。 由GitGuardian提供
  • apikey-manager 轻松生成您的API密钥。 安装 $ npm install apikey-manager 测验 // Run tests npm run test 执照 麻省理工学院:copyright:
  • 使用 API 密钥对请求进行身份验证的简单中间件,支持: 基本http://apikey:@example.com/验证: http://apikey:@example.com/ 自定义标题 x-apikey x-api-key apikey 查询字符串 api-key apikey api 目前仅...
  • 一篇文档给你解释清楚,微信支付的appid、mch_id、API证书、API密钥、APIv3密钥到底是什么东西
  • 易于使用,重量轻,适用于ASP.NET Core的Microsoft样式API密钥身份验证实现。 可以对其进行设置,使其可以接受Header,Authorization Header,QueryParams或HeaderOrQueryParams中的API密钥。 正在安装 该库在NuGet...
  • foxx-api-keys ArangoDB foxx的api密钥管理库
  • 如何获取Google地图API密钥

    千次阅读 2019-08-21 23:08:56
    如何获取Google地图API密钥? 使用Google地图的用户需要注意了!Google地图于2016年6月22日更新了Google地图API接口,更新接口后必需要申请Google地图API密钥才可以使用Google地图。 如果您以前引用的Google地图中...
  • 支付账户:appid\mch_id(微信支付商户号)\API密钥\Appsecret
  • 百度地图API 密钥

    万次阅读 多人点赞 2015-06-07 12:11:04
    百度地图API 密钥:DD279b2a90afdf0ae7a3796787a0742e
  • 百度地图API密钥

    万次阅读 2017-11-29 10:54:36
    百度地图API 密钥 DD279b2a90afdf0ae7a3796787a0742e
  • 要了解更多信息,请参阅Google Maps Platform入门。...API密钥是唯一的标识符,用于对与您的项目相关联的请求进行身份验证以进行使用和计费。 获取API密钥 您必须至少有一个与项目关联的API密钥。...
  • 从 Google 地图获取海拔(您需要一个 API 密钥才能使用此功能!查看 Google 开发者页面)。 该函数创建一个 URL 来下载点高程。 每个 URL 对应一个请求。 单个请求最多可包含 450 个点。 例如,如果要获取 1231 点的...
  • 使用 Python 的简单 API 密钥生成器 开发环境 操作系统:Windows 8.1 64 位 工具: Python 2.7.9 MongoDB 3.0.2(从下载 64 位安装程序) pymongo ( pip install pymongo ) 参数解析 吉特 用法 您可以将此应用...
  • 生成API密钥 generate-api-key是用于生成随机API密钥/访问令牌的库。 目录 变更记录 执照 安装 使用NPM: $ npm install generate-api-key 使用纱线: $ yarn add generate-api-key 用法 generate-api-key库...
  • 话语API密钥生成器 用法 npx discourse-api-key-generator --app=your-application-name --url=https://discourse.example.com
  • 智能工具,但没有API密钥 什么是Metabigor? Metabigor是智能工具,其目标是执行OSINT任务以及更多但没有任何API密钥的任务。 安装 go get -u github.com/j3ssie/metabigor 主要特点 发现目标的IP地址。 用于在IP...
  • 无服务器添加API密钥 一个插件,用于创建api密钥和使用模式(如果尚不存在)并将它们与Rest Api关联。 Serverless本机提供此功能,但不允许您将多个服务与相同的apiKey和使用计划关联。 如果该密钥已经存在,则此...
  • 管理API密钥、密码、证件的Go工具包
  • 要开始,您只需要提供一组有效的 API 密钥。 $valid_keys = array( "validkey001", "validkey002" ); $app = new \Slim\Slim(); $app->add(new \Slim\Middleware\APIKey($valid_keys)); 对于每个客户端请求,...
  • 图像到文字测试 确保API密钥不过期

空空如也

空空如也

1 2 3 4 5 ... 20
收藏数 102,863
精华内容 41,145
关键字:

API密钥