防止未认证访问或数据篡改,需要在所有api调用加入2个参数 c 和 v
c = Base64(unix timestamp)
v = SHA1 hexdigest({c} + modumajiang)
比如,unix timestamp 是 1495465498,那么
c = "MTQ5NTQ2NTU1Mg==\n"
v = "2cd88088ead8b53051bce19af58a58f0e3d413df" // {c} + modumajiang = "MTQ5NTQ2NTU1Mg==\n:modumajiang"
调用api格式为 POST http://wechat.mohuatech.com/users/:id/use?c=MTQ5NTQ2NTU1Mg%3D%3D%0A&v=2cd88088ead8b53051bce19af58a58f0e3d413df
- 使用房卡
POST /users/:id/use
{"cardnumber": 10}
- 用户受邀注册
POST /users/:id/invited_by
{"parentid": :parentid}