Skip to content

认证与授权

认证

认证方式

Basic Authentication

curl -X POST -H "Accept:application/vnd.edusoho.v2+json" -H "Authorization: Basic dGVzdDJlZHVvc2hvOjEyMzQ1Ng==" http://demo.edusoho.com/api/tokens
PHP
<?php
$username = "yourUsername";
$password = "yourPassword";

// 1. 账号:密码
$credentials = $username . ":" . $password;

// 2. Base64编码
$encoded = base64_encode($credentials);

// 3. 拼接Authorization Header
$authHeader = "Basic " . $encoded;

echo "Authorization Header: " . $authHeader;
Java
import java.util.Base64;

public class BasicAuthExample {
    public static void main(String[] args) {
        String username = "yourUsername";
        String password = "yourPassword";

        // 1. 账号:密码
        String credentials = username + ":" + password;

        // 2. Base64编码
        String encoded = Base64.getEncoder().encodeToString(credentials.getBytes());

        // 3. 拼接到Authorization Header
        String authHeader = "Basic " + encoded;

        System.out.println("Authorization Header: " + authHeader);
    }
}
text
1. 选择标签页:Authorization

2. 在 Type 里选择:Basic Auth

3. 填写:
Username:输入你的用户名(比如:yourUsername)
Password:输入你的密码(比如:yourPassword)

4. Postman 会自动帮你在 Headers 里加上:
Authorization: Basic eW91clVzZXJuYW1lOnlvdXJQYXNzd29yZA==

X-Auth-Token

curl-X POST -H "Accept:application/vnd.edusoho.v2+json" -H "X-Auth-Token: nzGrtcsDsrFzrId2hoLYfUafskRJ0pb9" http://demo.edusoho.com/api/tokens

第三方认证

curl-X POST -H "Accept:application/vnd.edusoho.v2+json" http://demo.edusoho.com/api/tokens?access_token=access_token&openid=open_id&type=weixinweb

Access-Token

curl-X POST -H "Accept:application/vnd.edusoho.v2+json" -H "Access-Token: AccessToken" http://demo.edusoho.com/api/tokens

AccessToken等于 MD5(AppKey-SecretKey) ,AppKey和SecretKey中间符号为-

  • 新增服务器出口IP白名单校验
  • 新增API设置开关
Postman 脚本示例:
javascript
// 获取 AppKey 和 SecretKey
const appKey = "your_app_key"; // 替换为你的 AppKey
const secretKey = "your_secret_key"; // 替换为你的 SecretKey

// 将 AppKey 和 SecretKey 用 '-' 连接起来
const combinedString = `${appKey}-${secretKey}`;

// 使用 CryptoJS 生成 MD5 哈希值
const accessToken = CryptoJS.MD5(combinedString).toString();

// 设置请求头 Access-Token
pm.request.headers.add({
  key: 'Access-Token',
  value: accessToken
});

获取X-Auth-Token

POST /tokens

权限

  • 需要认证

参数

使用 Basic Authentication 认证,需要传用户名、密码

响应

字段描述
token stringX-Auth-Token
user stringAuthenticatedUser