Article From:https://segmentfault.com/q/1010000011699984
Question:

Restful style API, please.
URLThis kind of this/:userIdDoes the parameter need to be included in the signature?
If necessary, what form should be included?

for example

API: /user/:userId
URL: https://www.abc.com/user/123?a=1&b=2&sign=******

Scenario 1: sign a and B only.
sign = md5("a=1b=2")
Option two: userId will also sign.
sign = md5("123a=1b=2")

Answer 0:

All external input parameters need to be signed, otherwise the userId signature can be changed.

Similar Posts:

Link of this Article: URL parameter signature design

Leave a Reply

Your email address will not be published. Required fields are marked *