CN108650093A - A kind of interface realizing method based on idempotence - Google Patents
A kind of interface realizing method based on idempotence Download PDFInfo
- Publication number
- CN108650093A CN108650093A CN201810297166.2A CN201810297166A CN108650093A CN 108650093 A CN108650093 A CN 108650093A CN 201810297166 A CN201810297166 A CN 201810297166A CN 108650093 A CN108650093 A CN 108650093A
- Authority
- CN
- China
- Prior art keywords
- token
- server end
- timestamp
- server
- required parameter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/32—Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of interface realizing methods based on idempotence, including:Step S1 calls end to be generated according to preset token generating algorithm and calls end token, and sends required parameter, timestamp to server end and call end token;Step S2, server end judge timestamp whether within effective access time that interface allows, if exceeding effective time, failure information is returned to end is called;Step S3, server end generate server end token according to token generating algorithm identical with end is called, according to required parameter and timestamp encryption;Whether step S4, server end judge to call end token and server end token consistent, if it is not, then returning to failure information to calling end;Step S5, server end will call end token as unique ID data-ins library;Step S6, server end execute the required parameter for calling end to send.The present invention can ensure that some special requests are not repeated processing, and then improve interface security and reliability.
Description
Technical field
The present invention relates to application programming interfaces implementation method more particularly to a kind of interface realizing methods based on idempotence.
Background technology
With the fast development of internet, more and more websites can open to the outside world the application programming interfaces (API) of oneself,
The idempotence for how ensureing API is a very important project.
In the prior art, end oneself is called to ensure not retransmit.Before calling API, the request is first marked to handle, received
To API respond after by label be set as processing complete, if centre is abnormal by this request marks be abnormal conditions, subsequently
Repair exception request by other means again.This mode is high to calling end to require, and will be straight if end is called not process
Pick out the case where now repeating same operation.Server end API ensures that repetitive requests are only primary by processing.End is called to call
When, every time in addition to necessary required parameter, it is in addition further added by additional request flowing water ID, server end API is upon receiving a request
Flowing water ID trials are saved at the first time, direct return error message, otherwise continues with and return if flowing water ID is existing
Return result.This mode flowing water ID more and more can require height to the storage medium inquiry velocity of flowing water ID, capacity.
Invention content
The technical problem to be solved in the present invention is that in view of the deficiencies of the prior art, some spies can be ensured by providing one kind
Different request is not repeated processing, and then improves the interface realizing method based on idempotence of interface security and reliability.
In order to solve the above technical problems, the present invention adopts the following technical scheme that.
A kind of interface realizing method based on idempotence, this method are based on that end and server end is called to realize, the method
Including having the following steps:Step S1, the calling end generate according to preset token generating algorithm and call end token, and to clothes
Business device end sends required parameter, timestamp and calls end token;Step S2, the received server-side required parameter, and judge
Whether timestamp is within effective access time that interface allows, if so, S3 is thened follow the steps, if exceeding effective time, to tune
Failure information is returned with end;Step S3, the server end is according to token generating algorithm identical with the calling end, according to asking
It asks parameter and timestamp to encrypt and generates server end token;Step S4, the server end judge to call end token and server
Hold token whether consistent, if so, S5 is thened follow the steps, if it is not, then returning to failure information to calling end;Step S5, the service
Device end will call end token as unique ID data-ins library;Step S6, the server end execute the request for calling end to send
Parameter, and implementing result is fed back to and calls end.
Preferably, in the step S1, the timestamp is the timestamp for calling end current time.
Preferably, the token generating algorithm includes:The character string that required parameter and timestamp are generated after md5 encryption
Value is used as token.
Preferably, in the step S5, if unique ID conflicts occur, the server end, which no longer executes, calls end to send
Required parameter.
Preferably, the interface is HTTP interface.
Interface realizing method disclosed by the invention based on idempotence ensures interface idempotent by the uniqueness of token,
And the request that quickly noted abnormalities by verifying token value, expired request is judged by timestamp and abandons raising interface capability.
Compared to existing technologies, the present invention can ensure that some special requests are not repeated processing, and then improve interface security
Property and reliability.
Description of the drawings
Fig. 1 is the flow chart of the method for the present invention.
Specific implementation mode
The present invention is described in more detail with reference to the accompanying drawings and examples.
The invention discloses a kind of interface realizing method based on idempotence, this method is based on calling end and server end real
It is existing, Fig. 1 is please referred to, the method includes having the following steps:
Step S1, the calling end generate according to preset token generating algorithm and call end token, and to server end
It sends required parameter, timestamp and calls end token;
Step S2, the received server-side required parameter, and judge timestamp whether the effective access allowed in interface
In time, if so, thening follow the steps S3, if exceeding effective time, failure information is returned to end is called;
Step S3, the server end according to token generating algorithm identical with the calling end, according to required parameter and
Timestamp encryption generates server end token;
Step S4, whether the server end judges to call end token and server end token consistent, if so, executing step
Rapid S5, if it is not, then returning to failure information to calling end;
Step S5, the server end will call end token as unique ID data-ins library;
Step S6, the server end executes the required parameter for calling end to send, and implementing result is fed back to and calls end.
In the above method, interface idempotent is ensured by the uniqueness of token, and is quickly found by verifying token value different
Often request judges expired request by timestamp and abandons raising interface capability.Compared to existing technologies, the present invention can protect
It demonstrate,proves some special requests and is not repeated processing, and then improve interface security and reliability.
As a preferred method, in the step S1, the timestamp is the timestamp for calling end current time.
In the present embodiment, the token generating algorithm includes:The word that required parameter and timestamp are generated after md5 encryption
String value is accorded with as token.
As a preferred method, in the step S5, if unique ID conflicts occur, the server end no longer executes
The required parameter for calling end to send.In the present embodiment, the interface is HTTP interface.
Interface realizing method disclosed by the invention based on idempotence in actual application, can refer to and be implemented as follows
Example:
It calls end when sending request, other than the parameter that interface (API) itself needs, in addition increases two parameter:Time
Stab (timestamp), token (token).Wherein timestamp (timestamp) is to call end present system time stamp, token
(token) it is required parameter and timestamp according to being centainly ranked sequentially the string value generated after md5 encryption.
Server end is upon receiving a request:First, it is determined that the timestamp of timestamp (timestamp) parameter setting whether
Within effective access time that interface allows, such as exceed effective time, returns to failure;Secondly, according to identical token (token)
The required parameter received and timestamp (timestamp) encryption are generated server end token (token), such as by generating algorithm
It calls the token (token) that the token (token) that end passes over is generated with server end inconsistent, returns to failure;In addition, will
Token (token) finds unique ID conflicts, it is meant that the operation was once located as unique ID data-ins library when such as preserving
It managed, should not execute again, and ensured idempotence;Finally, it continues to execute and returns and call end implementing result.
In the above method, to meet the different situation of different request expired times, it is expired that request can be increased in the interface
Timestamp, server end record get up for judging whether request is out of date.
The above is preferred embodiments of the present invention, is not intended to restrict the invention, all technology models in the present invention
Interior done modification, equivalent replacement or improvement etc. are enclosed, should be included in the range of of the invention protect.
Claims (5)
1. a kind of interface realizing method based on idempotence, which is characterized in that this method is based on that end and server end is called to realize,
The method includes having the following steps:
Step S1, the calling end is generated according to preset token generating algorithm calls end token, and is sent to server end
Required parameter, timestamp and calling end token;
Step S2, the received server-side required parameter, and judge timestamp whether the effective access time allowed in interface
It is interior, if so, thening follow the steps S3, if exceeding effective time, failure information is returned to end is called;
Step S3, the server end is according to token generating algorithm identical with the calling end, according to required parameter and time
Stamp encryption generates server end token;
Step S4, whether the server end judges to call end token and server end token consistent, if so, thening follow the steps
S5, if it is not, then returning to failure information to calling end;
Step S5, the server end will call end token as unique ID data-ins library;
Step S6, the server end executes the required parameter for calling end to send, and implementing result is fed back to and calls end.
2. the interface realizing method based on idempotence as described in claim 1, which is characterized in that described in the step S1
Timestamp is the timestamp for calling end current time.
3. the interface realizing method based on idempotence as described in claim 1, which is characterized in that the token generating algorithm packet
It includes:The string value that required parameter and timestamp are generated after md5 encryption is as token.
4. the interface realizing method based on idempotence as described in claim 1, which is characterized in that in the step S5, if hair
Raw unique ID conflicts, then the server end no longer executes the required parameter for calling end to send.
5. the interface realizing method based on idempotence as described in claim 1, which is characterized in that the interface connects for HTTP
Mouthful.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810297166.2A CN108650093A (en) | 2018-03-30 | 2018-03-30 | A kind of interface realizing method based on idempotence |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810297166.2A CN108650093A (en) | 2018-03-30 | 2018-03-30 | A kind of interface realizing method based on idempotence |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108650093A true CN108650093A (en) | 2018-10-12 |
Family
ID=63745461
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810297166.2A Withdrawn CN108650093A (en) | 2018-03-30 | 2018-03-30 | A kind of interface realizing method based on idempotence |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108650093A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109542964A (en) * | 2018-11-06 | 2019-03-29 | 用友网络科技股份有限公司 | A kind of data calling method and data calling system |
CN110740163A (en) * | 2019-09-04 | 2020-01-31 | 无锡华云数据技术服务有限公司 | Idempotent control method, idempotent control device, electronic equipment and readable storage medium |
CN111865970A (en) * | 2020-07-17 | 2020-10-30 | 北京百度网讯科技有限公司 | Method and apparatus for implementing interface idempotency |
CN112039913A (en) * | 2020-09-07 | 2020-12-04 | 上海浦东发展银行股份有限公司 | Server API calling method, device and storage medium |
CN112636900A (en) * | 2020-12-09 | 2021-04-09 | 南京联创互联网技术有限公司 | HTTP/HTTPS interface security verification method based on MD5 encryption |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103701761A (en) * | 2012-09-28 | 2014-04-02 | 中国电信股份有限公司 | Authentication method for invoking open interface and system |
CN104866383A (en) * | 2015-05-29 | 2015-08-26 | 北京金山安全软件有限公司 | Interface calling method and device and terminal |
CN106713276A (en) * | 2016-11-25 | 2017-05-24 | 国信优易数据有限公司 | Data acquisition method and system based on authorization and authentication |
CN107018127A (en) * | 2017-03-07 | 2017-08-04 | 西安电子科技大学 | The Internet of Things virtual gateway and node access authentication method of a kind of compatible various protocols |
CN107135073A (en) * | 2016-02-26 | 2017-09-05 | 北京京东尚科信息技术有限公司 | Interface interchange method and apparatus |
-
2018
- 2018-03-30 CN CN201810297166.2A patent/CN108650093A/en not_active Withdrawn
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103701761A (en) * | 2012-09-28 | 2014-04-02 | 中国电信股份有限公司 | Authentication method for invoking open interface and system |
CN104866383A (en) * | 2015-05-29 | 2015-08-26 | 北京金山安全软件有限公司 | Interface calling method and device and terminal |
CN107135073A (en) * | 2016-02-26 | 2017-09-05 | 北京京东尚科信息技术有限公司 | Interface interchange method and apparatus |
CN106713276A (en) * | 2016-11-25 | 2017-05-24 | 国信优易数据有限公司 | Data acquisition method and system based on authorization and authentication |
CN107018127A (en) * | 2017-03-07 | 2017-08-04 | 西安电子科技大学 | The Internet of Things virtual gateway and node access authentication method of a kind of compatible various protocols |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109542964A (en) * | 2018-11-06 | 2019-03-29 | 用友网络科技股份有限公司 | A kind of data calling method and data calling system |
CN110740163A (en) * | 2019-09-04 | 2020-01-31 | 无锡华云数据技术服务有限公司 | Idempotent control method, idempotent control device, electronic equipment and readable storage medium |
CN110740163B (en) * | 2019-09-04 | 2021-04-02 | 华云数据控股集团有限公司 | Idempotent control method, idempotent control device, electronic equipment and readable storage medium |
CN111865970A (en) * | 2020-07-17 | 2020-10-30 | 北京百度网讯科技有限公司 | Method and apparatus for implementing interface idempotency |
CN112039913A (en) * | 2020-09-07 | 2020-12-04 | 上海浦东发展银行股份有限公司 | Server API calling method, device and storage medium |
CN112636900A (en) * | 2020-12-09 | 2021-04-09 | 南京联创互联网技术有限公司 | HTTP/HTTPS interface security verification method based on MD5 encryption |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108650093A (en) | A kind of interface realizing method based on idempotence | |
CN106101258B (en) | Interface calling method, device and system of hybrid cloud | |
CN112136303B (en) | Secure delegation of refresh tokens for time-consuming operations | |
US9781109B2 (en) | Method, terminal device, and network device for improving information security | |
US9571465B1 (en) | Security verification by message interception and modification | |
CN106559405B (en) | Portal authentication method and equipment | |
CN105939284B (en) | The matching process and device of message control strategy | |
CN110830442A (en) | Message processing method, device and gateway | |
CN105099707A (en) | Offline authentication method, server and system | |
US11816249B2 (en) | System and method for dynamic management of private data | |
CN106209727B (en) | Session access method and device | |
CN108289074B (en) | User account login method and device | |
CN112199412B (en) | Payment bill processing method based on block chain and block chain bill processing system | |
WO2016008212A1 (en) | Terminal as well as method for detecting security of terminal data interaction, and storage medium | |
US9665732B2 (en) | Secure Download from internet marketplace | |
CN107888623A (en) | The live anti-abduction method and device of software audio and video data streams | |
US11062018B2 (en) | Platform for generation of passwords and/or email addresses | |
CN114978752A (en) | Weak password detection method and device, electronic equipment and computer readable storage medium | |
CN105279404B (en) | Operating system method of controlling operation thereof and device | |
CN106210159B (en) | Domain name resolution method and device | |
CN111327680B (en) | Authentication data synchronization method, device, system, computer equipment and storage medium | |
CN104396216A (en) | Methods for identifying network traffic characteristics to correlate and manage one or more subsequent flows and devices thereof | |
CN107634969B (en) | Data interaction method and device | |
US10482397B2 (en) | Managing identifiers | |
CN109621407A (en) | A kind of client log on request method and apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20181012 |
|
WW01 | Invention patent application withdrawn after publication |