CN111277418B - Method for realizing Api interface security - Google Patents

Method for realizing Api interface security Download PDF

Info

Publication number
CN111277418B
CN111277418B CN202010097133.0A CN202010097133A CN111277418B CN 111277418 B CN111277418 B CN 111277418B CN 202010097133 A CN202010097133 A CN 202010097133A CN 111277418 B CN111277418 B CN 111277418B
Authority
CN
China
Prior art keywords
request
interface
token
application code
appid
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010097133.0A
Other languages
Chinese (zh)
Other versions
CN111277418A (en
Inventor
刘德建
叶伟
郑彬
李正
岳万恕
陈宏展
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Tianqing Online Interactive Technology Co Ltd
Original Assignee
Fujian Tianqing Online Interactive Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Tianqing Online Interactive Technology Co Ltd filed Critical Fujian Tianqing Online Interactive Technology Co Ltd
Priority to CN202010097133.0A priority Critical patent/CN111277418B/en
Publication of CN111277418A publication Critical patent/CN111277418A/en
Application granted granted Critical
Publication of CN111277418B publication Critical patent/CN111277418B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method for realizing the security of an Api interface, which comprises the following steps: step 1: the system application with the Api interface in the access direction; step 2: after obtaining an application code AppID and an application key AppSercet of an application, an access party starts to organize a request to a system interface; step 3: the system returns the data information to be returned to the access party after carrying out Des encryption on the content key DesSecret returned by the interface corresponding to the application code AppID according to the service interface request; step 4: after obtaining the returned content of the request interface, the access side uses the interface returned content key DesSecret distributed by the system to decrypt Des, and the returned content is obtained. The invention effectively ensures the safety of the interface.

Description

Method for realizing Api interface security
Technical Field
The invention relates to the technical field of network communication, in particular to a method for realizing the security of an Api interface.
Background
Today, various Api interfaces are endless, such as interface calls between different teams inside a company, functional interfaces for opposite users, third party service interfaces, etc. A good Api has many dimensions to measure, where security and simplicity are the most basic and important two dimensions of an Api interface, but often these 2 dimensions are paradox, the more complex the design, the higher the security, but for an access party, it is a laborious event, it is too difficult to access and not easy to understand, and many intolerable communication costs are generated. The design is too simple and not feasible, the interface has the risk of being tampered and invoked, and the security of the interface is directly influenced by Api recharging, prize issuing, sensitive data and the like. It is important to design a good Api interface that is both simple and secure.
Disclosure of Invention
In order to overcome the problems, the invention aims to provide a method for realizing the safety of the Api interface, which can effectively ensure the safety of the interface.
The invention is realized by adopting the following scheme: a method of implementing Api interface security, the method comprising the steps of:
step 1: the system application with the Api interface in the access direction;
step 2: after obtaining an application code AppID and an application key AppSercet of an application, an access party starts to organize a request to a system interface; the step 2 specifically comprises the following steps:
step 2.1: the access party requests to acquire a Token interface to acquire a Token;
step 2.2: after obtaining Token, the access party has the right to request a service interface with specific function from the system, and obtains the parameters required by the service interface and the signature rules to organize the service signature SdkSign;
step 2.3: requesting a service interface according to the Token and the service signature SdkSign, and adding parameters required by the service interface;
step 3: the system returns the data information to be returned to the access party after carrying out Des encryption on the content key DesSecret returned by the interface corresponding to the application code AppID according to the service interface request;
step 4: after obtaining the returned content of the request interface, the access side uses the interface returned content key DesSecret distributed by the system to decrypt Des, and the returned content is obtained.
Further, the step 2.1 is further specifically: the access party transmits an application code AppID, a current timestamp Ticket and a Sign request to acquire a token interface, wherein the Sign is a value obtained by performing MD5 encryption by splicing 3 parameters of AppID+Ticket+AppSercet; the Token is valid for a preset time, that is, the Token is not required to be repeatedly requested for the preset time, and the Token is considered valid.
Further, the step 2.1 further includes the following steps:
step 2.1.1: after receiving the request of the step 2, the system firstly obtains a corresponding application key AppSercet according to an application code AppID and checks whether the Sign signature is legal and effective;
step 2.1.2: secondly, the system checks whether the Ticket is within a time threshold range of server errors, and the out-of-range is regarded as an expiration request;
step 2.1.3: finally, the system checks whether the request IP is in an IP white list allowed by an application code AppID;
step 2.1.4: if all the steps 2.1.1 to 2.1.3 are legal, the system organization token value is returned to the access party; the Token is a Json string consisting of an application code AppID, an expiration time ExpireTime, and a random string, and is encrypted by the DES of the system to obtain a value, which is stored in the Redis cache for verifying validity before being returned to the access party.
Further, the signature rule organizes a service signature SdkSign specifically as follows: according to the unified signature rule, the parameters required by the service interface are sequenced from small to large according to the parameter names ASCII, the parameters required by the service interface are combined together to obtain text1, the text1 is converted into small text to obtain text2, and the text2+AppSecret is subjected to MD5 encryption to obtain a 32-bit MD5 value, namely SdkSign.
Further, the step 2.3 further includes the following steps:
step 2.3.1: after receiving the service interface request, the system firstly decrypts the Token and analyzes the contained application code AppID information, and if the analysis fails, the system is regarded as an illegal request;
step 2.3.2: after analyzing the application code AppID, obtaining a Redis cache key according to the application code AppID, reading a Token, checking whether the Token exists or not, and if not, considering the Token as an illegal request;
step 2.3.3: acquiring AppSercet according to the resolved application code AppID, organizing a signature according to a signature rule, and comparing whether SdkSign is legal or not;
step 2.3.4: checking whether the request IP is in an IP white list allowed by an application code AppID;
step 2.3.5: judging whether the system has excessive requests in the current hour, namely running a planning task by the system, counting the request amount of each application interface system in the current hour every 5 minutes, and storing the request amount in a Redis cache if the request amount is larger than a maximum request frequency threshold value, wherein the request amount represents that the request amount is excessive;
step 2.3.6: if all the steps 2.3.1 to 2.3.5 are passed, the request is legal, and the step 3 is entered; otherwise, the flow is ended for illegal request.
The invention has the beneficial effects that: 1. the access is simple and convenient: providing unified signature rules and multi-language universal encryption rules; 2. interface security: the account token, the service parameter signature, the IP limit, the interface authority, the interface request limit, the return information encryption and the like are used for protecting the interface security.
Drawings
FIG. 1 is a schematic flow chart of the method of the present invention.
FIG. 2 is a block diagram of a method embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to fig. 1, a method for implementing Api interface security according to the present invention includes the following steps:
step 1: the system application with the Api interface in the access direction;
step 2: after obtaining an application code AppID and an application key AppSercet of an application, an access party starts to organize a request to a system interface; the step 2 specifically comprises the following steps:
step 2.1: the access party requests to acquire a Token interface to acquire a Token; the step 2.1 is further specifically as follows: the access party transmits an application code AppID, a current timestamp Ticket and a Sign request to acquire a token interface, wherein the Sign is a value obtained by performing MD5 encryption by splicing 3 parameters of AppID+Ticket+AppSercet; the Token is valid for a preset time, that is, the Token is not required to be repeatedly requested for the preset time, and the Token is considered valid.
Step 2.2: after obtaining Token, the access party has the right to request a service interface with specific function from the system, and obtains the parameters required by the service interface and the signature rules to organize the service signature SdkSign; the signature rule organizes a service signature SdkSign specifically as follows: according to the unified signature rule, the parameters required by the service interface are sequenced from small to large according to the parameter names ASCII, the parameters required by the service interface are combined together to obtain text1, the text1 is converted into small text to obtain text2, and the text2+AppSecret is subjected to MD5 encryption to obtain a 32-bit MD5 value, namely SdkSign.
Step 2.3: requesting a service interface according to the Token and the service signature SdkSign, and adding parameters required by the service interface;
step 3: the system returns the data information to be returned to the access party after carrying out Des encryption on the content key DesSecret returned by the interface corresponding to the application code AppID according to the service interface request;
step 4: after obtaining the returned content of the request interface, the access side uses the interface returned content key DesSecret distributed by the system to decrypt Des, and the returned content is obtained.
Wherein, the step 2.1 further comprises the following steps:
step 2.1.1: after receiving the request of the step 2, the system firstly obtains a corresponding application key AppSercet according to an application code AppID and checks whether the Sign signature is legal and effective;
step 2.1.2: secondly, the system checks whether the Ticket is within a time threshold range of server errors, and the out-of-range is regarded as an expiration request;
step 2.1.3: finally, the system checks whether the request IP is in an IP white list allowed by an application code AppID;
step 2.1.4: if all the steps 2.1.1 to 2.1.3 are legal, the system organization token value is returned to the access party; the Token is a Json string consisting of an application code AppID, an expiration time ExpireTime, and a random string, and is encrypted by the DES of the system to obtain a value, which is stored in the Redis cache for verifying validity before being returned to the access party.
Further, the step 2.3 further includes the following steps:
step 2.3.1: after receiving the service interface request, the system firstly decrypts the Token and analyzes the contained application code AppID information, and if the analysis fails, the system is regarded as an illegal request;
step 2.3.2: after analyzing the application code AppID, obtaining a Redis cache key according to the application code AppID, reading a Token, checking whether the Token exists or not, and if not, considering the Token as an illegal request;
step 2.3.3: acquiring AppSercet according to the resolved application code AppID, organizing a signature according to a signature rule, and comparing whether SdkSign is legal or not;
step 2.3.4: checking whether the request IP is in an IP white list allowed by an application code AppID;
step 2.3.5: judging whether the system has excessive requests in the current hour, namely running a planning task by the system, counting the request amount of each application interface system in the current hour every 5 minutes, and storing the request amount in a Redis cache if the request amount is larger than a maximum request frequency threshold value, wherein the request amount represents that the request amount is excessive;
step 2.3.6: if all the steps 2.3.1 to 2.3.5 are passed, the request is legal, and the step 3 is entered; otherwise, the flow is ended for illegal request.
The invention is further described with reference to the following specific examples:
as shown in fig. 2, a method for implementing Api interface security according to the present invention includes the following steps:
step 1: the system application with the Api interface in the access direction;
step 1.1: after the system administrator allocates an application, an AppID (application code), an appserset (application key), and a desserset (interface return content key) belonging to the application are provided to the access party, and an interface request frequency is set, the interface request frequency unit: times/hour;
step 2: after the access party obtains the AppID and the AppSercet, the access party can start to organize the request to the system interface; an example AppID is uLJqf20200113, appSercet is TLnkJRtFTVjdTnYBKvTw for use in the following steps as examples.
Step 2.1: the access party first requests a "get Token" interface to get a Token. The access party transmits AppID, ticket, sign a request for 'obtaining token' interface, wherein Ticket is the current timestamp, and Sign is the value obtained by splicing MD5 by AppID+Ticket+AppSercet 3 parameters. The Token has a validity period of 2 hours, and the Token does not need to be repeatedly requested within 2 hours, and is considered valid.
Step 2.1.1: after receiving the request of 2.1, the system firstly obtains a corresponding AppSercet according to the AppID and checks whether the Sign signature is legal and effective;
step 2.1.2: the system then checks if the Ticket is within 5 minutes of the server error, and if it is out of range, it is considered as an expiration request.
Step 2.1.3: and finally, the system checks whether the request IP is in an IP white list allowed by the AppID.
Step 2.1.4: if all 2.1.1 through 2.1.3 are legal, the system organization token value is returned to the access party. Token is a value obtained by encrypting a Json string consisting of AppID, expireTime expiration time and a random string by the DES of the system. This value is stored in the Redis cache for verification of legitimacy before being returned to the access party. An example Redis cache Key is "ApiToken_uLJqf20200113".
Step 2.2: after obtaining Token, the access party will have the right to request the service interface with specific function to the system, and the SdkSign service signature is organized according to the parameters and signature rules required by the actual service interface to request together. For example, a service interface is requested, and parameters required by the interface are as follows: type recharge Type, amountrecharge Amount, body recharge header. According to the unified signature rule, the parameters are ordered from small to large according to the parameter names ASCII, namely, amount+body+type is obtained to obtain text1, text1 is converted into small text to obtain text2, and text 2+AppSecretMD 5 is encrypted to obtain a 32-bit MD5 value, namely SdkSign.
Step 2.3: and requesting the service interface according to the Token obtained in 2.1 and the SdkSign obtained in 2.2, and the parameters required by the service interface.
Step 2.3.1: after receiving the request of 2.3, the system first decrypts the Token and parses out the contained AppID information. If the parsing fails, the illegal request is considered.
Step 2.3.2: after the AppID is analyzed, a Redis cache key ApiToken_uLJqf20200113 is obtained according to the AppID to read the Token, and whether the Token exists or not is checked. If not, an illegal request is considered.
Step 2.3.3: and acquiring AppSercet according to the analyzed AppID, organizing the signature according to the signature rule, and comparing whether SdkSign is legal or not.
Step 2.3.4: and checking whether the request IP is in an IP white list allowed by the AppID, if so, legal requests exist, and if not, illegal requests exist.
Step 2.3.5: judging whether the system has an excessive request in the hour, and adding the AppID and the hour yyyMMddHH of the current time to serve as a cache key, for example, uLJqf20200113_2019011310, reading a Redis cache, and checking whether the period is 1 month 13 and 10 hours is excessive. The system will run a scheduled task, counting once every 5 minutes the requested amount per application interface per hour (i.e. 10 hours period), and if it is greater than the threshold (set maximum requested frequency) storing in dis, representing that it has been exceeded. This step does not check synchronously in real time, since a proper excess is allowed, and the performance of the system can be improved by an asynchronous check mode.
Step 3: if step 2.3.5 passes, then the request is represented as legitimate. The system encrypts the data information to be returned by DesSecret corresponding to the AppID and returns the data information to the access party.
Step 4: after obtaining the returned content of the request interface, the access side uses the DesSecret distributed by the system to decrypt the Des to obtain the returned content.
The foregoing description is only of the preferred embodiments of the invention, and all changes and modifications that come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.

Claims (2)

1. A method for implementing Api interface security, characterized by: the method comprises the following steps:
step 1: the system application with the Api interface in the access direction;
step 2: after obtaining an application code AppID and an application key AppSercet of an application, an access party starts to organize a request to a system interface; the step 2 specifically comprises the following steps:
step 2.1: the access party requests to acquire a Token interface to acquire a Token;
the step 2.1 further comprises the steps of:
step 2.1.1: after receiving the request of the step 2, the system firstly obtains a corresponding application key AppSercet according to an application code AppID and checks whether the Sign signature is legal and effective;
step 2.1.2: secondly, the system checks whether the current timestamp Ticket is within a range of a time threshold value of server errors, and the out-of-range timestamp Ticket is regarded as an expiration request;
step 2.1.3: finally, the system checks whether the request IP is in an IP white list allowed by an application code AppID;
step 2.1.4: if all the steps 2.1.1 to 2.1.3 are legal, the system organization token value is returned to the access party; the Token is a Json character string composed of an application code AppID, an expiration time Expirietime and a random character string, and a value obtained by DES encryption of the system is stored in a Redis cache before being returned to an access party for verifying the validity;
the step 2.1 is further specifically as follows: the access party transmits an application code AppID, a current timestamp Ticket and a Sign request to acquire a token interface, wherein the Sign is a value obtained by performing MD5 encryption by splicing 3 parameters of AppID+Ticket+AppSercet; the Token is valid for a preset time, namely the Token is not required to be repeatedly requested in the preset time, and the Token is considered valid;
step 2.2: after obtaining Token, the access party has the right to request a service interface with specific function from the system, and obtains the parameters required by the service interface and the signature rules to organize the service signature SdkSign;
step 2.3: requesting a service interface according to the Token and the service signature SdkSign, and adding parameters required by the service interface;
the step 2.3 further comprises the steps of:
step 2.3.1: after receiving the service interface request, the system firstly decrypts the Token and analyzes the contained application code AppID information, and if the analysis fails, the system is regarded as an illegal request;
step 2.3.2: after analyzing the application code AppID, obtaining a Redis cache key according to the application code AppID, reading a Token, checking whether the Token exists or not, and if not, considering the Token as an illegal request;
step 2.3.3: acquiring AppSercet according to the resolved application code AppID, organizing a signature according to a signature rule, and comparing whether SdkSign is legal or not;
step 2.3.4: checking whether the request IP is in an IP white list allowed by an application code AppID;
step 2.3.5: judging whether the system has excessive requests in the current hour, namely running a planning task by the system, counting the request amount of each application interface system in the current hour every 5 minutes, and storing the request amount in a Redis cache if the request amount is larger than a maximum request frequency threshold value, wherein the request amount represents that the request amount is excessive;
step 2.3.6: if all the steps 2.3.1 to 2.3.5 are passed, the request is legal, and the step 3 is entered; otherwise, the flow is ended for illegal request;
step 3: the system returns the data information to be returned to the access party after carrying out Des encryption on the content key DesSecret returned by the interface corresponding to the application code AppID according to the service interface request;
step 4: after obtaining the returned content of the request interface, the access side uses the interface returned content key DesSecret distributed by the system to decrypt Des, and the returned content is obtained.
2. The method for implementing Api interface security of claim 1, wherein: the signature rule organizes a service signature SdkSign specifically as follows: according to the unified signature rule, the parameters required by the service interface are sequenced from small to large according to the parameter names ASCII, the parameters required by the service interface are combined together to obtain text1, the text1 is converted into small text to obtain text2, and the text2+AppSecret is subjected to MD5 encryption to obtain a 32-bit MD5 value, namely SdkSign.
CN202010097133.0A 2020-02-17 2020-02-17 Method for realizing Api interface security Active CN111277418B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010097133.0A CN111277418B (en) 2020-02-17 2020-02-17 Method for realizing Api interface security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010097133.0A CN111277418B (en) 2020-02-17 2020-02-17 Method for realizing Api interface security

Publications (2)

Publication Number Publication Date
CN111277418A CN111277418A (en) 2020-06-12
CN111277418B true CN111277418B (en) 2023-05-12

Family

ID=71003601

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010097133.0A Active CN111277418B (en) 2020-02-17 2020-02-17 Method for realizing Api interface security

Country Status (1)

Country Link
CN (1) CN111277418B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111897721B (en) * 2020-07-14 2024-04-30 重庆长安汽车股份有限公司 Automatic testing method of API (application program interface) and storage medium
CN111931159B (en) * 2020-08-11 2023-04-07 福建天晴在线互动科技有限公司 Method and system for verifying validity of webpage data interface
CN113938328A (en) * 2021-12-18 2022-01-14 中建电子商务有限责任公司 Interface label checking method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107135073A (en) * 2016-02-26 2017-09-05 北京京东尚科信息技术有限公司 Interface interchange method and apparatus
CN107705088A (en) * 2017-09-15 2018-02-16 深圳前海微众银行股份有限公司 Method for processing business, open platform and computer-readable recording medium
CN108183907A (en) * 2017-12-29 2018-06-19 浪潮通用软件有限公司 A kind of authentication method, server and Verification System
CN110071806A (en) * 2019-03-13 2019-07-30 平安科技(深圳)有限公司 The method and system of data processing based on interface check

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10044701B2 (en) * 2016-05-24 2018-08-07 Vantiv, Llc Technologies for token-based authentication and authorization of distributed computing resources

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107135073A (en) * 2016-02-26 2017-09-05 北京京东尚科信息技术有限公司 Interface interchange method and apparatus
CN107705088A (en) * 2017-09-15 2018-02-16 深圳前海微众银行股份有限公司 Method for processing business, open platform and computer-readable recording medium
CN108183907A (en) * 2017-12-29 2018-06-19 浪潮通用软件有限公司 A kind of authentication method, server and Verification System
CN110071806A (en) * 2019-03-13 2019-07-30 平安科技(深圳)有限公司 The method and system of data processing based on interface check

Also Published As

Publication number Publication date
CN111277418A (en) 2020-06-12

Similar Documents

Publication Publication Date Title
CN112333198B (en) Secure cross-domain login method, system and server
CN111277418B (en) Method for realizing Api interface security
US7058971B1 (en) Access privilege transferring method
US20070136202A1 (en) Personal-information managing apparatus, method of providing personal information, computer product, and personal-information-providing system
US20130004027A1 (en) Checking revocation status of a biometric reference template
EP1241826A2 (en) Cryptographic key management method
JP5160205B2 (en) Method and system for file transfer management
US20080294896A1 (en) Method and System for Transmitting and Receiving User's Personal Information Using Agent
CN105978855B (en) Personal information safety protection system and method under a kind of system of real name
EP1227613A2 (en) Method and apparatus for attaching electronic signature to document having structure
CN112699353B (en) Financial information transmission method and financial information transmission system
CN109242481A (en) Information approach, device and computer equipment are pledged based on block chain query
CN114372276A (en) Data security protection method and device, electronic equipment and storage medium
CN111814136A (en) Android application signature and signature verification method and device, and signature verification system
CN109992976A (en) Access credentials verification method, device, computer equipment and storage medium
JPWO2008096783A1 (en) Personal information management device for preventing falsification of personal information and denial of distribution of personal information
CN117056899A (en) Electronic certificate generation method and device
CN110493011B (en) Block chain-based certificate issuing management method and device
US20040250071A1 (en) Electronic data storage system and method thereof
CN109697368B (en) Method, device and system for safe use of user information data and storage medium
KR100609701B1 (en) An transaction certification method and system to protect privacy on electronic transaction details
CN117113392A (en) Private data processing method, device, computer equipment and storage medium
CN116361833A (en) Verification method and device and terminal equipment
KR100837754B1 (en) Apparatus for Time and Contents Stamping for Electronic Notes and Method Thereof
CN109948362B (en) Data access processing method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant