Does the background staff directly output the data on the page or provide an API interface to the front end, and then display it on the page similar to an ajax request?
If you use an api interface, you are afraid that the API interface link will be stolen by others. Is there any way to prevent it? ?
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
It depends on what kind of customers you have. If your background data belongs to a database class used to save customer information, you can try to use the ajax header to verify the other party's information. For details, you can learn about APIclound's documentation. When they call the interface, they use the header to verify the appid and appkey
The former is suitable for close integration of PHP and views, while the latter is suitable for interface service operations. The specific choice depends on the actual situation of your project. If you use an interface, you can set sign signature verification and token login verification for your interface
You can verify permissions on both interfaces and pages. For example, you need to log in to view it, and you can only view it if you have a corresponding level. These can be placed in the session.
If you directly output the page, it will also be crawled away. It is better to find ways to strengthen user verification and check before entering sensitive pages. The backend needs to have an anti-crawling mechanism. Even legitimate users who obtain a large amount of data in a short period of time must be automatically blocked and Adamin notified.