Here is a example on common HTTP header after authentication:
HTTP header
| Header |
login user |
used in browser |
used in android |
value |
sample |
| x-li-device |
x |
✓ |
✓ |
sha1(UUID) |
bd62c29291cbe9fb9662ef70f8c5042d55680f0 |
| x-li-device-type |
x |
✓ |
✓ |
browser or android |
browser |
| x-li-digest |
✓ |
✓ |
✓ |
sha1(jeams${{http method in lower case}}${{url}}$${{user token}}${{value from x-li-request-time}}) |
82f1f6d46e14f73b088fbac68984aae5f157c971 |
| x-li-load-time |
x |
✓ |
x |
????? |
4.3450985 |
| x-li-plus |
✓ |
✓ |
✓ |
????? |
473672897fbc4c2447aefa76e69f26191e6385c1 |
| x-li-request-time |
✓ |
✓ |
✓ |
unix time stamp in UTC |
1525597958 |
| x-li-user |
✓ |
✓ |
✓ |
user id |
|
Note about x-li-digest:
The digest example was generated as following
sha1( jeams${{http method in lower case}}${{url}}$${{user token}}${{value from x-li-request-time}} )
---> sha1( jeams$get$https://lihkg.com/api_v2/thread/634747/page/1?order=reply_time$$fc108e0701575efb4a70b69db2779860d02b9d33$1525597958 )
---> 82f1f6d46e14f73b088fbac68984aae5f157c971
With common HTTP header above, we can access the API after user login
Here is a example on common HTTP header after authentication:
HTTP header
Note about x-li-digest:
The digest example was generated as following
sha1( jeams${{http method in lower case}}${{url}}$${{user token}}${{value from x-li-request-time}} )--->
sha1( jeams$get$https://lihkg.com/api_v2/thread/634747/page/1?order=reply_time$$fc108e0701575efb4a70b69db2779860d02b9d33$1525597958 )--->
82f1f6d46e14f73b088fbac68984aae5f157c971With common HTTP header above, we can access the API after user login