It is important to note that the attack-and-defense "game" played by hackers and the owners of computer systems is an unfair one. An attacker only has to break into a system and win once. The defender, on the other hand, can only win by winning every time. The main difficulty here is knowing what to look for. However, once defenders know the kinds of virtual "doors" through which a hacker can get into their system, those "doors" can be protected with fairly simple mechanisms. I believe that the simplicity of these mechanisms sometimes diminishes their perceived importance, and that this is why many defenders of computer systems overlook them.
Here are the basic rules for protecting systems that this article expands on. They are simple, but that does not mean you can forget about them with impunity:
- (multi-factor authentication, MFA) , . Google GitHub, , VPN-. MFA â .
- , .
- , . .
- . , .
When it comes to preventing leaks of confidential information and the appearance of "holes" in security systems, the Pareto principle applies: 20% of the effort yields 80% of the results.
How do hackers go about finding passwords and secret keys? What tools do they use?
Hackers find secret data in JavaScript files
API keys are scattered all over the internet, where anyone can use them. That is a fact. In many cases there is no particular reason for a key to be public; developers simply forget them all over the place. For example, keys end up in code for the following reasons:
- For debugging purposes.
- For local development purposes.
- In the form of comments intended for whoever will maintain the project later.
Blocks of code like the following are found on the internet very frequently:
// DEBUG ONLY
// TODO: remove -->
API_KEY=t0psecr3tkey00237948
Many hackers read JavaScript files themselves, but for the most part they search for such files using tools such as meg and then check them for matches against patterns.
How do they do it? After using a scanner such as meg, they look through the files for strings that match various patterns. The author of meg also wrote another excellent program meant for exactly this purpose. It is called gf, and it is an improved grep. In this case, launching gf with the truffleHog option (or trufflehog, another spelling of the same name) lets the tool find high-entropy strings that are API keys. The same goes for searching for the string API_KEY. Searches for strings like these succeed often (far too often).
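The same name-pattern and entropy checks can be run against your own code before it is published. The following Python example is added here and is not code from the article or from meg, gf or truffleHog; the regular expressions, the threshold of 4.0 bits per character and the sample input are assumptions constructed for illustration.

```python
import math
import re

# Key-like names, taken from the search strings listed on this page.
NAME_RE = re.compile(
    r"(?i)(\w*(?:api_key|password|access_key)\w*)\s*[:=]\s*['\"]?([^\s'\";,]+)")
PEM_RE = re.compile(r"-----BEGIN (?:RSA )?PRIVATE KEY-----")
TOKEN_RE = re.compile(r"[A-Za-z0-9+/_-]{20,}")
# Values that are references to configuration, not literal secrets.
REFERENCE_RE = re.compile(r"^(\$\{?\w+\}?|process\.env\.\w+|<[^>]*>)$")

# Constructed sample; the first three lines are the snippet quoted above.
SAMPLE = """\
// DEBUG ONLY
// TODO: remove -->
API_KEY=t0psecr3tkey00237948
const mapsKey = process.env.MAPS_KEY;
db_password: "${DB_PASSWORD}"
const token = "Zx8Q2mLk9Vb4Rt7Yp1Wc6Nh3Jd5Gf0Sa";
const title = "aaaaaaaaaaaaaaaaaaaaaaaaaaaa";
-----BEGIN RSA PRIVATE KEY-----
"""


def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s))
                for c in set(s))


def scan(text, threshold=4.0):
    """Return (line number, reason) for every line that looks like a secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        named = NAME_RE.search(line)
        if PEM_RE.search(line):
            findings.append((lineno, "private-key-header"))
        elif named and not REFERENCE_RE.match(named.group(2)):
            findings.append((lineno, "named-secret:" + named.group(1).lower()))
        elif any(shannon_entropy(t) >= threshold
                 for t in TOKEN_RE.findall(line)):
            findings.append((lineno, "high-entropy-string"))
    return findings


if __name__ == "__main__":
    for lineno, reason in scan(SAMPLE):
        print(f"line {lineno}: {reason}")
```

Values read from the environment or a template variable are not reported, so the check rewards moving a secret out of the source rather than renaming the variable that holds it.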
Often keys appear in code for perfectly ordinary reasons, but such keys are not protected from outsiders. Here is an example. A client I worked with used an external mapping service, as many projects do. To load map data and work with it, the corresponding API had to be called with a key. However, my client forgot to configure the service to restrict the sources from which it would accept requests made with that particular key. It is not hard to imagine a simple attack that exhausts the mapping service's resource quota by sending it a large number of requests. That can cost the user of such a service a lot of money. Or, "better" still (from the attacker's point of view), such an attack can simply bring down the parts of the client's project that depend on maps.
Hackers use JS files for more than finding secret data. After all, such files are the application's code, and anyone interested in that code can view it. A good hacker who reads the code carefully can work out how the entities in it are named, find paths to APIs and find valuable comments. Findings like these are formatted as word lists that are passed to automated scanners. This is so-called "intelligent automated scanning": the hacker combines automated tools with the information gathered about a specific project.
Here is a real comment from the home page of one project. It describes, in plain text, an unprotected API from which anyone can obtain data:
/* Debug ->
domain.com/api/v3 not yet in production
and therefore not using auth guards yet
use only for debugging purposes until approved */
▍What to do?
- . . , , .
- API. , . , .
- , , . , , , , , , . , .
- , . . , .
grep
gf
. . , , . - -. , - . 100% . - â .
, -
The Internet Archive (also known as the Wayback Machine) stores periodic snapshots of websites. The project lets you see what the internet looked like years ago. Archived data is of great interest to a hacker who needs to gather information about a particular project. Files from old versions of a website can be scanned with tools such as waybackurls (which is based on waybackurls.py). This means that even if you found a key in your site's code and removed it, but did not rotate the key, a hacker can find it in an old version of the site and use it to break into the system.
Here is what to do if you find a key that should not be there:
- Create a new key to replace the compromised one.
- Release a new version of the code that uses the new key. The code must be rewritten so that it contains no lines from which the key can easily be identified.
- Delete or deactivate the old key.
▍The Internet Archive is not the only place where keys can be found
Old code gives attackers all sorts of interesting information.
- Secret API paths. These are unprotected API endpoints that the developers assumed would never become public. The paths a hacker discovers may turn out to be useless, but they help in understanding how the project's API is designed and what conventions it follows. Once a site's code goes to production, developers have no way to hide it from prying eyes. It is very important to remember this.
- -. , API, . , . , , . , -. , , . , , . ,
s
https
.
GitHub
GitHub is a gold mine for hackers. If you know where to look, simple search tools will turn up plenty of interesting things. If an organization's GitHub account is not protected by multi-factor authentication, every employee of the organization, without exception, is a walking security hole. Some employees may well use the same password everywhere, and that password may already have been stolen through some other system. A hacker interested in a particular organization can easily automate the search for compromised passwords, and for that matter can also find such passwords manually.
A roster of an organization's employees can be compiled using open-source intelligence (OSINT) techniques. The public lists of a company's employees on LinkedIn or GitHub help an attacker do this.
For example, if someone decided to break into Tesla, they might start studying the company from this page:
https://api.github.com/orgs/teslamotors/members
Even if a company does not use GitHub as its git platform, something of value can still turn up on GitHub. It is enough for at least one employee to use the platform, for a home project, say. If the code of that project (or its git history) contains a company secret, that is enough to penetrate the company's systems.
Keeping the complete history of changes made to each project is in the nature of git. From a security standpoint this fact matters a great deal. In other words, every change made to code by anyone with access to any of an organization's systems puts that organization at risk.
▍Why does this happen?
- Companies do not check their systems for vulnerabilities.
- , , .
- , , ( , , 1%), ( â git, , , ).
- , . .
▍GitHub
There is such a thing as "dorks": special search queries that use various search-engine features to find things related to specific data. Here is an interesting list of such searches for Google, from exploit-db.com.
If you want to dig deeper into this topic, and I recommend that you do, then before I give a short list of strings used to find keys and passwords on GitHub, I suggest reading this valuable write-up by a talented system security researcher. He explains how, what and where to search on GitHub and how to use dorks, and outlines the process of finding secret data manually.
The dorks used on GitHub are not as complex as those used on Google. The point is that GitHub does not offer its users the same advanced search capabilities as Google. Still, searching GitHub repositories properly works wonders. Try searching the repositories you are interested in for the following strings:
password
dbpassword
dbuser
access_key
secret_access_key
bucket_password
redis_password
root_password
Also, by using queries such as filename:.npmrc _auth or filename:.htpasswd to search for specific files, you can filter the search results by type of data leak. Here is another good write-up on this topic.
▍Mitigating the risks associated with GitHub
- Make scanning code for vulnerabilities part of your CI process. The excellent GitRob tool can help with this.
- . GitRob . ,
no-expand-orgs
. - . GitRob, , 500 , ,
-commit-depth <#number>
. - GitHub !
- , , , , . G Suite Active Directory. , .
After this material was published, several readers left valuable comments about password complexity and rotation, and about using hardware-based protection.
Here is a comment from @codemouse92:
Whenever a password is used to log in, use a complex and unique password. Note, however, that a complex password does not have to be a cryptic jumble of letters, digits and special characters. The best strategy today is to use a long phrase as the password. A word about password managers: such programs are definitely worth using, but I recommend using passwords that are phrases the user can remember and type themselves.
And here is the comment from user @corymcdonald:
Where I work, everyone is issued hardware for multi-factor authentication; each person has two YubiKey devices. In addition, every team uses the 1Password password manager, and each team has its own password vault. When an employee leaves the company, the support team rotates the passwords in every vault that employee had access to. Personally, for example, I once made the unforgivable mistake of uploading AWS access keys to GitHub. I recommend checking your material with git-secrets before committing. It prevents anything that looks like sensitive information from being shared.
Hackers use Google
Now that we understand the basics of dorks, let's talk about using special search queries on Google. With their help you can find simply incredible things. Google is a powerful search engine that lets you build queries describing which strings must be present in the data you are looking for and which must be absent. Among other things, Google can search for files with particular extensions and search within specified domains and URLs. Take a look at the following search string:
"MySQL_ROOT_PASSWORD:" "docker-compose" ext:yml
This string is designed to find files with the yml extension; moreover, they must be docker-compose files, in which developers often store passwords, and not particularly unique passwords at that. Try running a Google search for this string. You will be surprised by what you find.
Other interesting search strings may look for RSA keys or AWS credentials. Here is another example:
"-----BEGIN RSA PRIVATE KEY-----" ext:key
Endless possibilities open up here. The quality of a search depends only on the researcher's level of creativity and on how familiar they are with various systems. Here is a large list of Google dorks, if you want to experiment.
Hackers scrutinize the systems that interest them
When a security researcher (or a motivated hacker) is very interested in a particular system, they begin to study it thoroughly and get to know it well. They are interested in API endpoints, entity naming conventions, the details of how the system's internal parts interact, and access to different versions of the system when several versions are in use at the same time.
A not-so-good approach to protecting an API is to make the paths used to access it complicated, hiding them with something like a random character generator. That is no substitute for real security mechanisms. Security researchers try to find unprotected access paths to systems and API endpoints using, for example, fuzzing tools. Such tools take word lists, build paths from them and test those paths by analysing the responses received when trying to access them. A scanner like this will not detect an endpoint whose path is a completely random set of characters. But such tools are excellent at identifying patterns and at finding endpoints that the system's owners forgot about or never knew existed.
Remember that "security through obscurity" is not the best way to protect a system (although it should not be ignored completely).
This is where the GitHub dorks discussed above come to the attacker's aid. Knowing the rules used to build the paths to a system's endpoints (something like api.mydomain.com/v1/payments/..., for example) is a great help to a hacker. Searching a company's GitHub repositories (and those of its employees) for API-related strings often turns up paths that contain random characters.
Nevertheless, "random strings" do have their place in systems. Using them is always better than using sequential resource identifiers, for example for users and orders in API paths.
Here is the wonderful SecLists repository, which contains many strings used in naming entities. It is used by almost everyone in the information security industry. These materials are often adapted to a particular system. Another tool that can be used to find obscured paths is FFuf, a very fast fuzzing program written in Go.
Summary
Security is often overlooked at startups. Programmers and managers usually prioritize development speed and release frequency at the expense of quality and security. This is where you see secrets included in code committed to repositories, the same keys used in different places in a system, and access keys used where something else could be used. It sometimes seems that such things speed up work on a project, but over time they can lead to very bad consequences.
In this post I showed how strings that seem protected because they are stored in a private repository can easily become public. The same applies to clones of repositories made by well-meaning employees that were not intended for prying eyes but turned out to be public. However, you can build a foundation for working securely by using tools for sharing passwords safely, a centralized secrets store, password security policies and multi-factor authentication. That makes it possible to avoid neglecting security without slowing down work on the project.
When it comes to protecting information, the idea that speed matters most does not work well.
Learning how hackers operate is usually a very good first step towards understanding what information security is, and it is the first step towards protecting your systems. When protecting systems, take into account the break-in methods described above and the fact that hackers use a fairly limited set of such methods. I recommend considering, from a security point of view, absolutely everything that is connected with a given system in any way, whether it is an external or an internal mechanism.
Protecting systems is sometimes seen as something that is not very important but takes a lot of time and effort. Rest assured, however, that simple steps to protect your systems can spare you a great many problems.
How do you protect your systems?