更新时间:2022-02-22 21:36:40
您无法从客户端隐藏API调用,无论您做什么,他们始终可以使用像
You cannot hide your API calls from the client, no matter what you do they could always use a packet sniffer like Wireshark to see what your app is doing.
您需要构建一个更安全的API,该API仅允许用户操纵其帐户.您可以通过分配令牌来控制它们的访问,例如 oAuth 的工作方式.
You need to build a safer API that only allows users to manipulate their account. You can control their access by assigning tokens, like the way oAuth works.