CN108650093A - A kind of interface realizing method based on idempotence - Google Patents

A kind of interface realizing method based on idempotence Download PDF

Info

Publication number
CN108650093A
CN108650093A CN201810297166.2A CN201810297166A CN108650093A CN 108650093 A CN108650093 A CN 108650093A CN 201810297166 A CN201810297166 A CN 201810297166A CN 108650093 A CN108650093 A CN 108650093A
Authority
CN
China
Prior art keywords
token
server end
timestamp
server
required parameter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201810297166.2A
Other languages
Chinese (zh)
Inventor
王有露
温正东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Futu Network Technology Co Ltd
Original Assignee
Shenzhen Futu Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Futu Network Technology Co Ltd filed Critical Shenzhen Futu Network Technology Co Ltd
Priority to CN201810297166.2A priority Critical patent/CN108650093A/en
Publication of CN108650093A publication Critical patent/CN108650093A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/32Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of interface realizing methods based on idempotence, including:Step S1 calls end to be generated according to preset token generating algorithm and calls end token, and sends required parameter, timestamp to server end and call end token;Step S2, server end judge timestamp whether within effective access time that interface allows, if exceeding effective time, failure information is returned to end is called;Step S3, server end generate server end token according to token generating algorithm identical with end is called, according to required parameter and timestamp encryption;Whether step S4, server end judge to call end token and server end token consistent, if it is not, then returning to failure information to calling end;Step S5, server end will call end token as unique ID data-ins library;Step S6, server end execute the required parameter for calling end to send.The present invention can ensure that some special requests are not repeated processing, and then improve interface security and reliability.

Description

A kind of interface realizing method based on idempotence
Technical field
The present invention relates to application programming interfaces implementation method more particularly to a kind of interface realizing methods based on idempotence.
Background technology
With the fast development of internet, more and more websites can open to the outside world the application programming interfaces (API) of oneself, The idempotence for how ensureing API is a very important project.
In the prior art, end oneself is called to ensure not retransmit.Before calling API, the request is first marked to handle, received To API respond after by label be set as processing complete, if centre is abnormal by this request marks be abnormal conditions, subsequently Repair exception request by other means again.This mode is high to calling end to require, and will be straight if end is called not process Pick out the case where now repeating same operation.Server end API ensures that repetitive requests are only primary by processing.End is called to call When, every time in addition to necessary required parameter, it is in addition further added by additional request flowing water ID, server end API is upon receiving a request Flowing water ID trials are saved at the first time, direct return error message, otherwise continues with and return if flowing water ID is existing Return result.This mode flowing water ID more and more can require height to the storage medium inquiry velocity of flowing water ID, capacity.
Invention content
The technical problem to be solved in the present invention is that in view of the deficiencies of the prior art, some spies can be ensured by providing one kind Different request is not repeated processing, and then improves the interface realizing method based on idempotence of interface security and reliability.
In order to solve the above technical problems, the present invention adopts the following technical scheme that.
A kind of interface realizing method based on idempotence, this method are based on that end and server end is called to realize, the method Including having the following steps:Step S1, the calling end generate according to preset token generating algorithm and call end token, and to clothes Business device end sends required parameter, timestamp and calls end token;Step S2, the received server-side required parameter, and judge Whether timestamp is within effective access time that interface allows, if so, S3 is thened follow the steps, if exceeding effective time, to tune Failure information is returned with end;Step S3, the server end is according to token generating algorithm identical with the calling end, according to asking It asks parameter and timestamp to encrypt and generates server end token;Step S4, the server end judge to call end token and server Hold token whether consistent, if so, S5 is thened follow the steps, if it is not, then returning to failure information to calling end;Step S5, the service Device end will call end token as unique ID data-ins library;Step S6, the server end execute the request for calling end to send Parameter, and implementing result is fed back to and calls end.
Preferably, in the step S1, the timestamp is the timestamp for calling end current time.
Preferably, the token generating algorithm includes:The character string that required parameter and timestamp are generated after md5 encryption Value is used as token.
Preferably, in the step S5, if unique ID conflicts occur, the server end, which no longer executes, calls end to send Required parameter.
Preferably, the interface is HTTP interface.
Interface realizing method disclosed by the invention based on idempotence ensures interface idempotent by the uniqueness of token, And the request that quickly noted abnormalities by verifying token value, expired request is judged by timestamp and abandons raising interface capability. Compared to existing technologies, the present invention can ensure that some special requests are not repeated processing, and then improve interface security Property and reliability.
Description of the drawings
Fig. 1 is the flow chart of the method for the present invention.
Specific implementation mode
The present invention is described in more detail with reference to the accompanying drawings and examples.
The invention discloses a kind of interface realizing method based on idempotence, this method is based on calling end and server end real It is existing, Fig. 1 is please referred to, the method includes having the following steps:
Step S1, the calling end generate according to preset token generating algorithm and call end token, and to server end It sends required parameter, timestamp and calls end token;
Step S2, the received server-side required parameter, and judge timestamp whether the effective access allowed in interface In time, if so, thening follow the steps S3, if exceeding effective time, failure information is returned to end is called;
Step S3, the server end according to token generating algorithm identical with the calling end, according to required parameter and Timestamp encryption generates server end token;
Step S4, whether the server end judges to call end token and server end token consistent, if so, executing step Rapid S5, if it is not, then returning to failure information to calling end;
Step S5, the server end will call end token as unique ID data-ins library;
Step S6, the server end executes the required parameter for calling end to send, and implementing result is fed back to and calls end.
In the above method, interface idempotent is ensured by the uniqueness of token, and is quickly found by verifying token value different Often request judges expired request by timestamp and abandons raising interface capability.Compared to existing technologies, the present invention can protect It demonstrate,proves some special requests and is not repeated processing, and then improve interface security and reliability.
As a preferred method, in the step S1, the timestamp is the timestamp for calling end current time.
In the present embodiment, the token generating algorithm includes:The word that required parameter and timestamp are generated after md5 encryption String value is accorded with as token.
As a preferred method, in the step S5, if unique ID conflicts occur, the server end no longer executes The required parameter for calling end to send.In the present embodiment, the interface is HTTP interface.
Interface realizing method disclosed by the invention based on idempotence in actual application, can refer to and be implemented as follows Example:
It calls end when sending request, other than the parameter that interface (API) itself needs, in addition increases two parameter:Time Stab (timestamp), token (token).Wherein timestamp (timestamp) is to call end present system time stamp, token (token) it is required parameter and timestamp according to being centainly ranked sequentially the string value generated after md5 encryption.
Server end is upon receiving a request:First, it is determined that the timestamp of timestamp (timestamp) parameter setting whether Within effective access time that interface allows, such as exceed effective time, returns to failure;Secondly, according to identical token (token) The required parameter received and timestamp (timestamp) encryption are generated server end token (token), such as by generating algorithm It calls the token (token) that the token (token) that end passes over is generated with server end inconsistent, returns to failure;In addition, will Token (token) finds unique ID conflicts, it is meant that the operation was once located as unique ID data-ins library when such as preserving It managed, should not execute again, and ensured idempotence;Finally, it continues to execute and returns and call end implementing result.
In the above method, to meet the different situation of different request expired times, it is expired that request can be increased in the interface Timestamp, server end record get up for judging whether request is out of date.
The above is preferred embodiments of the present invention, is not intended to restrict the invention, all technology models in the present invention Interior done modification, equivalent replacement or improvement etc. are enclosed, should be included in the range of of the invention protect.

Claims (5)

1. a kind of interface realizing method based on idempotence, which is characterized in that this method is based on that end and server end is called to realize, The method includes having the following steps:
Step S1, the calling end is generated according to preset token generating algorithm calls end token, and is sent to server end Required parameter, timestamp and calling end token;
Step S2, the received server-side required parameter, and judge timestamp whether the effective access time allowed in interface It is interior, if so, thening follow the steps S3, if exceeding effective time, failure information is returned to end is called;
Step S3, the server end is according to token generating algorithm identical with the calling end, according to required parameter and time Stamp encryption generates server end token;
Step S4, whether the server end judges to call end token and server end token consistent, if so, thening follow the steps S5, if it is not, then returning to failure information to calling end;
Step S5, the server end will call end token as unique ID data-ins library;
Step S6, the server end executes the required parameter for calling end to send, and implementing result is fed back to and calls end.
2. the interface realizing method based on idempotence as described in claim 1, which is characterized in that described in the step S1 Timestamp is the timestamp for calling end current time.
3. the interface realizing method based on idempotence as described in claim 1, which is characterized in that the token generating algorithm packet It includes:The string value that required parameter and timestamp are generated after md5 encryption is as token.
4. the interface realizing method based on idempotence as described in claim 1, which is characterized in that in the step S5, if hair Raw unique ID conflicts, then the server end no longer executes the required parameter for calling end to send.
5. the interface realizing method based on idempotence as described in claim 1, which is characterized in that the interface connects for HTTP Mouthful.
CN201810297166.2A 2018-03-30 2018-03-30 A kind of interface realizing method based on idempotence Withdrawn CN108650093A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810297166.2A CN108650093A (en) 2018-03-30 2018-03-30 A kind of interface realizing method based on idempotence

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810297166.2A CN108650093A (en) 2018-03-30 2018-03-30 A kind of interface realizing method based on idempotence

Publications (1)

Publication Number Publication Date
CN108650093A true CN108650093A (en) 2018-10-12

Family

ID=63745461

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810297166.2A Withdrawn CN108650093A (en) 2018-03-30 2018-03-30 A kind of interface realizing method based on idempotence

Country Status (1)

Country Link
CN (1) CN108650093A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109542964A (en) * 2018-11-06 2019-03-29 用友网络科技股份有限公司 A kind of data calling method and data calling system
CN110740163A (en) * 2019-09-04 2020-01-31 无锡华云数据技术服务有限公司 Idempotent control method, idempotent control device, electronic equipment and readable storage medium
CN111865970A (en) * 2020-07-17 2020-10-30 北京百度网讯科技有限公司 Method and apparatus for implementing interface idempotency
CN112039913A (en) * 2020-09-07 2020-12-04 上海浦东发展银行股份有限公司 Server API calling method, device and storage medium
CN112636900A (en) * 2020-12-09 2021-04-09 南京联创互联网技术有限公司 HTTP/HTTPS interface security verification method based on MD5 encryption

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701761A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Authentication method for invoking open interface and system
CN104866383A (en) * 2015-05-29 2015-08-26 北京金山安全软件有限公司 Interface calling method and device and terminal
CN106713276A (en) * 2016-11-25 2017-05-24 国信优易数据有限公司 Data acquisition method and system based on authorization and authentication
CN107018127A (en) * 2017-03-07 2017-08-04 西安电子科技大学 The Internet of Things virtual gateway and node access authentication method of a kind of compatible various protocols
CN107135073A (en) * 2016-02-26 2017-09-05 北京京东尚科信息技术有限公司 Interface interchange method and apparatus

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701761A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Authentication method for invoking open interface and system
CN104866383A (en) * 2015-05-29 2015-08-26 北京金山安全软件有限公司 Interface calling method and device and terminal
CN107135073A (en) * 2016-02-26 2017-09-05 北京京东尚科信息技术有限公司 Interface interchange method and apparatus
CN106713276A (en) * 2016-11-25 2017-05-24 国信优易数据有限公司 Data acquisition method and system based on authorization and authentication
CN107018127A (en) * 2017-03-07 2017-08-04 西安电子科技大学 The Internet of Things virtual gateway and node access authentication method of a kind of compatible various protocols

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109542964A (en) * 2018-11-06 2019-03-29 用友网络科技股份有限公司 A kind of data calling method and data calling system
CN110740163A (en) * 2019-09-04 2020-01-31 无锡华云数据技术服务有限公司 Idempotent control method, idempotent control device, electronic equipment and readable storage medium
CN110740163B (en) * 2019-09-04 2021-04-02 华云数据控股集团有限公司 Idempotent control method, idempotent control device, electronic equipment and readable storage medium
CN111865970A (en) * 2020-07-17 2020-10-30 北京百度网讯科技有限公司 Method and apparatus for implementing interface idempotency
CN112039913A (en) * 2020-09-07 2020-12-04 上海浦东发展银行股份有限公司 Server API calling method, device and storage medium
CN112636900A (en) * 2020-12-09 2021-04-09 南京联创互联网技术有限公司 HTTP/HTTPS interface security verification method based on MD5 encryption

Similar Documents

Publication Publication Date Title
CN108650093A (en) A kind of interface realizing method based on idempotence
CN106101258B (en) Interface calling method, device and system of hybrid cloud
CN112136303B (en) Secure delegation of refresh tokens for time-consuming operations
US9781109B2 (en) Method, terminal device, and network device for improving information security
US9571465B1 (en) Security verification by message interception and modification
CN106559405B (en) Portal authentication method and equipment
CN105939284B (en) The matching process and device of message control strategy
CN110830442A (en) Message processing method, device and gateway
CN105099707A (en) Offline authentication method, server and system
US11816249B2 (en) System and method for dynamic management of private data
CN106209727B (en) Session access method and device
CN108289074B (en) User account login method and device
CN112199412B (en) Payment bill processing method based on block chain and block chain bill processing system
WO2016008212A1 (en) Terminal as well as method for detecting security of terminal data interaction, and storage medium
US9665732B2 (en) Secure Download from internet marketplace
CN107888623A (en) The live anti-abduction method and device of software audio and video data streams
US11062018B2 (en) Platform for generation of passwords and/or email addresses
CN114978752A (en) Weak password detection method and device, electronic equipment and computer readable storage medium
CN105279404B (en) Operating system method of controlling operation thereof and device
CN106210159B (en) Domain name resolution method and device
CN111327680B (en) Authentication data synchronization method, device, system, computer equipment and storage medium
CN104396216A (en) Methods for identifying network traffic characteristics to correlate and manage one or more subsequent flows and devices thereof
CN107634969B (en) Data interaction method and device
US10482397B2 (en) Managing identifiers
CN109621407A (en) A kind of client log on request method and apparatus

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20181012

WW01 Invention patent application withdrawn after publication