Article From:

Restful style API, please.
URLThis kind of this/:userIdDoes the parameter need to be included in the signature?
If necessary, what form should be included?

for example

API: /user/:userId

Scenario 1: sign a and B only.
sign = md5("a=1b=2")
Option two: userId will also sign.
sign = md5("123a=1b=2")

Answer 0:

All external input parameters need to be signed, otherwise the userId signature can be changed.

Link of this Article: URL parameter signature design

Leave a Reply

Your email address will not be published. Required fields are marked *