Does the interface design need to sign the client?

the current API is as follows:
generate a token randomly after the user logs in. Use the value of token as the key cached by Redis
. The cached value is the user"s information, including user id, user nickname, user avatar, etc.

Interface access and authentication

the user will carry the token in the header when accessing the interface.
check whether the token exists and whether it is valid in the front operation. If it is invalid, return http code 401
if it is valid to increase the expiration time of the token, the uid that injects the user id into the request object

Service class service\ Token
this class provides operations on token such as an increase in expiration time to obtain uid according to token

questions

later, I saw on the Internet that it is very insecure and requires a signature and signature algorithm

could you tell me how to design and use this signature? Thank you very much

finally, ask me whether the above interface design is reasonable. Because it is self-study, so there are not many people to give advice, so I am a little confused

Aug.11,2021

if you add a signature, it is recommended to add it as a whole, don't leave it out, and keep it uniform.
and security is also greatly improved. There are many signature algorithms, but the simpler one can be

.
// 
(md5(++key)++ )

is not a big problem in general, and it is not particularly secure when it comes to operations of the amount payment class.


you can refer to the interface design of the relevant api services. I think it's better to generate a signature for each request.


whether you need signature and encryption, you can consider whether your system security is important, that is, combined with business security and the complexity of additional requirements.


I think what you said is the same as JWT. It has its own data, expiration time, issuer, receiver, and jwt is also put into Header. It automatically detects whether it expires, whether it is legal, and so on. In this way, you don't have to design the code yourself, and there are security issues.
Link:
https://jwt.io/

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e95212-1533.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e95212-1533.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?