Why can some APIs be accessed from a web page, but not when simulated with Postman?

    Dalaran · 2020-12-10 10:01:18 +08:00 · 3174 views

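    For example: on the Alibaba Cloud page https://market.aliyun.com/qidian/search/%E9%98%BF%E9%87%8C%E4%BA%91?type=company, looking at the XHR requests shows this endpoint, https://holmes.taobao.com/web/corp/customer/searchWithSummary, and I can see what it returns, but when I set the corresponding parameters in Postman nothing comes back.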

    General

    Request URL: https://holmes.taobao.com/web/corp/customer/searchWithSummary
    Request Method: POST
    Status Code: 200 
    Remote Address: 203.119.144.58:443
    Referrer Policy: strict-origin-when-cross-origin
    

    Response Header

    access-control-allow-credentials: true
    access-control-allow-origin: https://market.aliyun.com
    content-encoding: gzip
    content-type: application/json;charset=utf-8
    date: Thu, 10 Dec 2020 01:45:55 GMT
    eagleeye-traceid: 0b52190b16075647557863132e3d8b
    expires: Thu, 01 Jan 1970 00:00:00 GMT
    server: Tengine/Aserver
    set-cookie: XSRF-TOKEN=22f5407e-1fac-4d3f-a049-43786b11f7ce;Path=/;HttpOnly
    strict-transport-security: max-age=31536000 ; includeSubDomains
    strict-transport-security: max-age=0
    timing-allow-origin: *
    vary: Accept-Encoding
    vary: Origin
    x-application-context: bi-eris:production:7001
    x-content-type-options: nosniff
    x-frame-options: DENY
    x-xss-protection: 1; mode=block
    

    Request Header

    :authority: holmes.taobao.com
    :method: POST
    :path: /web/corp/customer/searchWithSummary
    :scheme: https
    accept: application/json, text/plain
    accept-encoding: gzip, deflate, br
    accept-language: en,zh-CN;q=0.9,zh;q=0.8
    cache-control: no-cache
    content-length: 64
    content-type: application/json
    cookie: cna=fJgYEh6gUUYCAXrp5q9LmIm7; enc=fbIfqJOvfFt9vT4kODgzJBjdWPNtvqaBiho3fdllerYXKWCGJYyPPqAoEgHUm6i%2BIIUvgEQNGvjc94wgPa32Lw%3D%3D; t=5f19037a79e51611f3d5ecf6ba8a56a1; _m_h5_tk=bd0df265e4e26a46dccd0914ef1afba5_1607513346822; _m_h5_tk_enc=beb44b49f7ed129f1458d0a80ea96a25
    origin: https://market.aliyun.com
    pragma: no-cache
    referer: https://market.aliyun.com/
    sec-fetch-dest: empty
    sec-fetch-mode: cors
    sec-fetch-site: cross-site
    user-agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    

    Request Payload

    {pageNo: 1, pageSize: 10, keyword: "阿里云", orderByType: 5}
    keyword: "阿里云"
    orderByType: 5
    pageNo: 1
    pageSize: 10
    
    8 replies    2020-12-10 10:37:23 +08:00
    anjianshi  #1  2020-12-10 10:03:54 +08:00
    Anything the web page can fetch, Postman can definitely fetch too.

    - url
    - header
    - body

    One of these must be different from what the web page sent.
    Kasumi20  #2  2020-12-10 10:05:37 +08:00
    user-agent
    Jackeriss  #3  2020-12-10 10:07:02 +08:00 via iPhone
    It may be encrypted based on a timestamp.
    zywz999  #4  2020-12-10 10:22:39 +08:00
    Dalaran (OP)  #5  2020-12-10 10:25:48 +08:00
    @zywz999 Could I take a look at the request headers and body? [facepalm]
    matrix67  #6  2020-12-10 10:26:40 +08:00   ❤️ 2
    Export as cURL from the web page's F12 tools,
    then import the cURL into Postman.
    zywz999  #7  2020-12-10 10:30:05 +08:00   ❤️ 1
    @Dalaran #5 Here's a little trick: right-click the request, copy => copy as curl(bash), and the result can be imported directly into Postman.
    Dalaran (OP)  #8  2020-12-10 10:37:23 +08:00
    @matrix67
    @zywz999
    Learned something, thanks!
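
Reply #1's point (the URL, headers or body must differ somewhere) can be checked mechanically. The following is an added example, not code from the thread: it diffs a DevTools-style header dump against the headers of a hand-built replay. All hosts, cookie names and values are constructed placeholders, and `parse_headers`, `cookie_names` and `diff_requests` are hypothetical helper names.

```python
# Added example: find what a hand-built replay is missing compared with
# the browser's request. Every sample value below is constructed.
BROWSER_DUMP = """\
:authority: api.example.test
:method: POST
:path: /search
accept: application/json, text/plain
content-type: application/json
cookie: session=PLACEHOLDER; XSRF-TOKEN=PLACEHOLDER
origin: https://shop.example.test
referer: https://shop.example.test/
user-agent: Mozilla/5.0 (constructed)
"""
REPLAY_DUMP = """\
:authority: api.example.test
:method: POST
:path: /search
Accept: */*
Content-Type: text/plain
User-Agent: PostmanRuntime/0.0.0 (constructed)
"""

def parse_headers(dump):
    """Parse 'name: value' lines into {lowercased name: [values]}."""
    headers = {}
    for line in dump.splitlines():
        line = line.strip()
        # HTTP/2 pseudo-headers begin with ':', so search from index 1.
        sep = line.find(":", 1)
        if sep == -1:
            continue
        name, value = line[:sep].strip().lower(), line[sep + 1:].strip()
        headers.setdefault(name, []).append(value)
    return headers

def cookie_names(headers):
    """Return the set of cookie names carried in the Cookie header(s)."""
    pairs = (p for v in headers.get("cookie", []) for p in v.split(";"))
    return {p.split("=", 1)[0].strip() for p in pairs if "=" in p}

def diff_requests(browser_dump, replay_dump):
    """Report headers and cookies the replay lacks or sends differently."""
    b, r = parse_headers(browser_dump), parse_headers(replay_dump)
    return {
        "missing": sorted(set(b) - set(r)),
        "extra": sorted(set(r) - set(b)),
        "changed": sorted(k for k in set(b) & set(r) if b[k] != r[k]),
        "missing_cookies": sorted(cookie_names(b) - cookie_names(r)),
    }
```

Headers that servers commonly validate, such as `cookie`, `origin`, `referer` and `content-type`, are the first entries to reconcile in the result.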