CN105306534B - A kind of information calibration method and open platform based on open platform - Google Patents
- Publication number: CN105306534B, CN201510603494.7A
- Authority: CN (China)
- Prior art keywords: call request, party, open platform, signature, api
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/53—Network services using third party service providers
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Abstract
Embodiments of the present invention relate to the field of communication technology, and in particular to an information verification method based on an open platform, and an open platform, for improving the security of third-party calls to the open platform. In the embodiments, the open platform receives a call request sent by a third party; when it determines that the call request includes system parameters, application parameters and a signature, it generates a signature according to a preset rule from the system parameters and application parameters included in the call request; if the signature generated by the open platform matches the signature included in the call request, verification of the signature included in the call request succeeds. Because each call request corresponds to a unique set of system parameters and application parameters, each call request corresponds to a unique signature. Even if someone else intercepts the signature in a call request, that signature cannot be used in other call requests, which prevents others from forging signatures and improves the security of third-party calls to the open platform.
Description
Technical field
Embodiments of the present invention relate to the field of communications, and in particular to an information verification method based on an open platform, and an open platform.
Background
In the Internet era, a website's services are packaged into a series of application programming interfaces (Application Programming Interface, API for short) that computers can easily recognize, and are opened up for third parties to use. This practice is called opening an API (Open API), and the platform that provides the open APIs is accordingly called an open platform.
A third party can access the open platform by calling open APIs in order to use the open platform's resources, extend the open platform's functions, or implement the functions of the third-party application. The third party, as an independent content provider, publishes its products on the open platform to gain brand or financial benefit. With the rapid development of open APIs across the Internet, large numbers of third-party applications have emerged, so improving the security of third-party calls to the open platform is an urgent problem.
Summary of the invention
Embodiments of the present invention provide an information verification method based on an open platform, and an open platform, to improve the security of third-party calls to the open platform.
An embodiment of the present invention provides an information verification method based on an open platform, comprising the following steps:
The open platform receives a call request sent by a third party;
When the open platform determines that the call request includes system parameters, application parameters and a signature, it generates a signature according to a preset rule from the system parameters and application parameters included in the call request;
If the signature generated by the open platform matches the signature included in the call request, verification of the signature included in the call request succeeds.
Optionally, generating a signature according to the preset rule from the system parameters and application parameters included in the call request comprises:
Sorting the system parameters and application parameters to obtain a first sequence, where the system parameters include the third-party public key and a timestamp, and the application parameters correspond one-to-one to the call request;
Prepending to the first sequence the uniform resource locator (URL) corresponding to the API identifier included in the call request, and appending the third-party private key to the first sequence, to obtain a second sequence;
Encoding the second sequence to obtain a third sequence;
Hashing the third sequence to obtain the signature.
Optionally, encoding the second sequence to obtain the third sequence specifically comprises:
First encoding the second sequence with UTF-8 (8-bit Unicode Transformation Format), then encoding the UTF-8-encoded second sequence in hexadecimal (HEX) to obtain the third sequence.
Optionally, the method further comprises:
When the signature generated by the open platform matches the signature included in the call request, verifying the call request;
If the call request satisfies a second verification condition, verification of the call request succeeds;
The second verification condition includes any one or more of the following:
The open platform successfully verifies the number of call requests sent by the third party; the open platform determines that the third party has access permission for the API corresponding to the API identifier included in the call request; the open platform successfully verifies the timestamp included in the call request.
Optionally, the call request includes a third-party identifier;
Whether the open platform successfully verifies the number of call requests sent by the third party is determined as follows:
The open platform determines, from the third-party identifier, the number of call requests the third party has sent in the current period;
If the number of call requests the third party has sent in the current period, as determined by the open platform, is less than a count threshold, the open platform determines that verification of the number of call requests sent by the third party succeeds.
Optionally, the call request includes a third-party identifier and an application programming interface (API) identifier;
Whether the third party has access permission for the API corresponding to the API identifier included in the call request is determined as follows:
The open platform determines, from a preset mapping between third-party identifiers and the API identifiers each third party has permission to access, all API identifiers that the third party corresponding to the third-party identifier has permission to access;
If the open platform determines that the API identifier included in the call request is among the API identifiers the third party has permission to access, the open platform determines that the third party has access permission for the API corresponding to the API identifier included in the call request.
Optionally, the call request includes a timestamp;
Whether the open platform successfully verifies the timestamp included in the call request is determined as follows:
The open platform obtains the timestamp included in the call request;
If the open platform determines that the time between the timestamp and the current time is less than a duration threshold, the open platform's verification of the timestamp included in the call request succeeds.
Optionally, the call request is an HTTPS (Hypertext Transfer Protocol Secure) request encrypted with Secure Sockets Layer (SSL); the system parameters and application parameters in the call request are transmitted in the query string of an HTTP (Hypertext Transfer Protocol) GET request.
An embodiment of the present invention provides an open platform, comprising:
A receiving unit, configured to receive a call request sent by a third party;
A processing unit, configured to: when it determines that the call request includes system parameters, application parameters and a signature, generate a signature according to a preset rule from the system parameters and application parameters included in the call request; and, if the generated signature matches the signature included in the call request, determine that verification of the signature included in the call request succeeds.
Optionally, the processing unit is specifically configured to:
Sort the system parameters and application parameters to obtain a first sequence, where the system parameters include the third-party public key and a timestamp, and the application parameters correspond one-to-one to the call request;
Prepend to the first sequence the uniform resource locator (URL) corresponding to the API identifier included in the call request, and append the third-party private key to the first sequence, to obtain a second sequence;
Encode the second sequence to obtain a third sequence;
Hash the third sequence to obtain the signature.
Optionally, encoding the second sequence to obtain the third sequence specifically comprises:
First encoding the second sequence with UTF-8 (8-bit Unicode Transformation Format), then encoding the UTF-8-encoded second sequence in hexadecimal (HEX) to obtain the third sequence.
Optionally, the processing unit is further configured to:
Verify the call request when the generated signature matches the signature included in the call request;
If the call request satisfies a second verification condition, verification of the call request succeeds;
The second verification condition includes any one or more of the following:
The number of call requests sent by the third party is verified successfully; the third party is determined to have access permission for the API corresponding to the API identifier included in the call request; the timestamp included in the call request is verified successfully.
Optionally, the call request includes a third-party identifier;
Whether the number of call requests sent by the third party is verified successfully is determined as follows:
The processing unit is configured to determine, from the third-party identifier, the number of call requests the third party has sent in the current period; if the determined number of call requests the third party has sent in the current period is less than a count threshold, it determines that verification of the number of call requests sent by the third party succeeds.
Optionally, the call request includes a third-party identifier and an application programming interface (API) identifier;
Whether the third party has access permission for the API corresponding to the API identifier included in the call request is determined as follows:
The processing unit is configured to determine, from a preset mapping between third-party identifiers and the API identifiers each third party has permission to access, all API identifiers that the third party corresponding to the third-party identifier has permission to access; if it determines that the API identifier included in the call request is among the API identifiers the third party has permission to access, it determines that the third party has access permission for the API corresponding to the API identifier included in the call request.
Optionally, the call request includes a timestamp;
Whether the timestamp included in the call request is verified successfully is determined as follows:
The processing unit is configured to obtain the timestamp included in the call request; if it determines that the time between the timestamp and the current time is less than a duration threshold, verification of the timestamp included in the call request succeeds.
Optionally, the call request is an HTTPS (Hypertext Transfer Protocol Secure) request encrypted with Secure Sockets Layer (SSL); the system parameters and application parameters in the call request are transmitted in the query string of an HTTP (Hypertext Transfer Protocol) GET request.
In the embodiments of the present invention, the open platform receives a call request sent by a third party; when the open platform determines that the call request includes system parameters, application parameters and a signature, it generates a signature according to a preset rule from the system parameters and application parameters included in the call request; if the signature generated by the open platform matches the signature included in the call request, verification of the signature included in the call request succeeds. In the embodiments, after the information carried in the call request has met the open platform's requirements, the signature in the call request must also be verified, and the signature is generated from the system parameters and application parameters according to the preset rule. Therefore only a third party that has an agreement with the open platform can pass verification; the agreement covers the information the call request carries and the preset rule for generating the signature. Further, because each call request corresponds to a unique set of system parameters and application parameters, each call request corresponds to a unique signature. Even if someone else intercepts the signature in a call request, that signature cannot be used in other call requests, which prevents others from forging signatures. The embodiments verify the signature in the call request, and the signature is generated from the system parameters and application parameters, which improves the security of third-party calls to the open platform.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a system architecture to which embodiments of the present invention are applicable;
Fig. 2 is a schematic flowchart of an information verification method based on an open platform provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an open platform provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and beneficial effects of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
Fig. 1 is a schematic diagram of a system architecture to which embodiments of the present invention are applicable. The system architecture includes an open platform 100, which is connected over a network to multiple third parties, such as third party 101 and third party 102. Multiple terminals, such as terminal 103, terminal 104, terminal 105, terminal 106 and terminal 107, are connected to the third parties over a network; a terminal may be a mobile phone, a PC, a tablet, and so on.
A terminal can send a service request to a third party. After receiving the service request, the third party analyzes it and determines one or more open APIs of the open platform that need to be called for the service request. The third party sends a call request to the open platform, requesting to call an open API of the open platform. The open platform verifies the call request; if verification passes, the open platform returns a call response to the third party, indicating that this call is permitted. If verification fails, the open platform returns a failure response to the third party, indicating that this call failed. The open platform 100 provides multiple open APIs for third parties to call.
Based on the system architecture shown in Fig. 1, Fig. 2 shows an information verification method and apparatus based on an open platform provided by an embodiment of the present invention, comprising the following steps:
Step 201: the open platform receives a call request sent by a third party;
Step 202: when the open platform determines that the call request includes system parameters, application parameters and a signature, it generates a signature according to a preset rule from the system parameters and application parameters included in the call request;
Step 203: if the signature generated by the open platform matches the signature included in the call request, verification of the signature included in the call request succeeds.
Specifically, the signature included in the call request sent by the third party is generated by the third party from the system parameters and application parameters according to the preset rule. After receiving the call request, the open platform compares the signature it generates with the signature included in the call request; if they match, it confirms that verification of the signature included in the call request succeeds. If someone else intercepts the signature in a call request, carries it as a forged signature in an illegitimate call request, and sends that request to the open platform, then, because each call request corresponds to a unique set of system parameters and application parameters and therefore to a unique signature, the signature the open platform generates from the system parameters and application parameters carried in the illegitimate call request and the preset rule will necessarily differ from the forged signature. The open platform thus verifies call requests by the signature they contain, which improves the security of third-party calls to the open platform.
In the embodiments of the present invention, the application parameters in a call request are the application-level parameters corresponding to the call request the third party is sending, for example the order number, order date and order amount in the business application corresponding to this call request. The system parameters in a call request are the parameters that, by default, the third party must provide to the open platform, for example the timestamp (timestamp) and the third-party public key (consumer_key).
In a preferred embodiment, the call request is an HTTPS (Hypertext Transfer Protocol Secure) request encrypted with Secure Sockets Layer (SSL). The system parameters and application parameters in the call request are transmitted in the query string of a Hypertext Transfer Protocol (HTTP) GET request. This is simpler than the traditional approach of passing system parameters in HTTP headers.
Generating a signature according to the preset rule from the system parameters and application parameters included in the call request comprises:
Sorting the system parameters and application parameters to obtain a first sequence, where the system parameters include the third-party public key and a timestamp, and the application parameters correspond one-to-one to the call request; prepending to the first sequence the uniform resource locator (URL) corresponding to the API identifier included in the call request, and appending the third-party private key to the first sequence, to obtain a second sequence; encoding the second sequence to obtain a third sequence; hashing the third sequence to obtain the signature.
The third-party private key is sent by the third party to the open platform as one of the system parameters. Optionally, in the embodiments of the present invention the third-party public key may be the third party's account information, and the third-party private key may be the password information corresponding to that account information. Both the third-party public key and the third-party private key are sent to the open platform by the third party.
Optionally, to sort the system parameters and application parameters into the first sequence, the parameters can be ordered by the first letter of the parameter name and joined with the connector "&".
Optionally, encoding the second sequence to obtain the third sequence specifically comprises:
First encoding the second sequence with UTF-8 (8-bit Unicode Transformation Format), then encoding the UTF-8-encoded second sequence in hexadecimal (HEX) to obtain the third sequence. Specifically, the third sequence obtained after HEX encoding is unique in any programming-language environment. Encoding twice ensures the third sequence is correct in any programming-language environment.
The call request includes the open-platform API that this call request needs to call; that is, the call request includes the identifier of the API the request needs to call.
For example, the first sequence is:
consumer_key=7284397484&restaurant_id=123&timestamp=1374908054
In this embodiment, the system parameters and application parameters are sorted to obtain the first sequence. Here "consumer_key=7284397484" and "timestamp=1374908054" are system parameters, and "restaurant_id=123" is the application parameter corresponding to this call request.
Next, the URL corresponding to the API identifier included in the call request is prepended to the first sequence, and the third-party private key is appended to the first sequence. Optionally, a question mark "?" is added between the URL and the first sequence, giving the second sequence:
http://example.net/restaurants/?consumer_key=7284397484&restaurant_id=123&timestamp=13749080544d31ba58fd73c71db697ab5e4946d52d
The second sequence is UTF-8 encoded and then HEX encoded, giving the third sequence:
687474703a2f2f6578616d706c652e6e65742f72657374617572616e74732f3f636f
6e73756d65725f6b65793d373238343339373438342672657374617572616e745f69643d3132
332674696d657374616d703d3133373439303830353434643331626135386664373363373164
62363937616235653439343664353264
The third sequence is hashed, giving the signature:
45f933de65a6e14ee142fababd223d006fa13eb0
After the signature is obtained in the above process, it is carried in the call request and sent to the open platform so that the open platform can verify the signature included in the call request.
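The signing rule walked through above, together with the platform-side comparison from step 203, as an added example that is not part of the patent text. It assumes SHA-1 as the hash (the patent names no hash function), a hypothetical `sig` query parameter for carrying the signature, a platform-side table of private keys indexed by consumer_key, and sorting by the full parameter name rather than only its first letter.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl

# Constructed for this example: private keys the platform holds per consumer_key.
# The value is the key that appears appended in the page's second sequence.
SECRETS = {"7284397484": "4d31ba58fd73c71db697ab5e4946d52d"}

# Sample request taken from the page's worked example.
SAMPLE_URL = "http://example.net/restaurants/"
SAMPLE_PARAMS = {
    "timestamp": "1374908054",
    "consumer_key": "7284397484",
    "restaurant_id": "123",
}


def first_sequence(params):
    """Sort parameters by name and join them as name=value pairs with '&'."""
    return "&".join(f"{name}={value}" for name, value in sorted(params.items()))


def third_sequence(api_url, params, private_key):
    """Second sequence (URL + '?' + first sequence + key), UTF-8 then HEX encoded."""
    second = f"{api_url}?{first_sequence(params)}{private_key}"
    return second.encode("utf-8").hex()


def sign(api_url, params, private_key):
    """Hash the third sequence. SHA-1 is an assumption of this example."""
    hex_text = third_sequence(api_url, params, private_key)
    return hashlib.sha1(hex_text.encode("ascii")).hexdigest()


def verify(api_url, query_string):
    """Platform side: recompute the signature from what was received and compare.

    The signature is computed over percent-decoded values (an assumption);
    'sig' is a hypothetical parameter name for the signature.
    """
    params = dict(parse_qsl(query_string, keep_blank_values=True))
    presented = params.pop("sig", None)
    private_key = SECRETS.get(params.get("consumer_key", ""))
    if presented is None or private_key is None:
        return False
    expected = sign(api_url, params, private_key)
    # Constant-time comparison so the check does not leak how many
    # leading characters of a guessed signature were correct.
    return hmac.compare_digest(expected.encode(), presented.encode())


if __name__ == "__main__":
    key = SECRETS[SAMPLE_PARAMS["consumer_key"]]
    signature = sign(SAMPLE_URL, SAMPLE_PARAMS, key)
    query = f"{first_sequence(SAMPLE_PARAMS)}&sig={signature}"
    print("valid request accepted:", verify(SAMPLE_URL, query))
    tampered = query.replace("restaurant_id=123", "restaurant_id=124")
    print("tampered request accepted:", verify(SAMPLE_URL, tampered))
```

Because the URL and every parameter feed the hash, a signature captured from one request fails when it is attached to a different URL or to altered parameters.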
Optionally, when the signature generated by the open platform matches the signature included in the call request, the call request is verified; if the call request satisfies a second verification condition, verification of the call request succeeds;
The second verification condition includes any one or more of the following:
The open platform successfully verifies the number of call requests sent by the third party; the open platform determines that the third party has access permission for the API corresponding to the API identifier included in the call request; the open platform successfully verifies the timestamp included in the call request.
Specifically, the call request includes a timestamp;
Whether the open platform successfully verifies the timestamp included in the call request is determined as follows:
The open platform obtains the timestamp included in the call request; if the open platform determines that the time between the timestamp and the current time is less than a duration threshold, the open platform's verification of the timestamp included in the call request succeeds.
If the open platform determines that the time between the timestamp and the current time is not less than the duration threshold, verification of the timestamp included in the call request fails. Optionally, when timestamp verification fails, an error message can be returned to the third party.
This prevents a server that is not the third party from intercepting a call request, copying it, and repeatedly calling the open APIs of the open platform. The duration threshold is an empirical value, for example five minutes.
Specifically, the call request includes a third-party identifier; whether the open platform successfully verifies the number of call requests sent by the third party is determined as follows:
The open platform determines, from the third-party identifier, the number of call requests the third party has sent in the current period; if the number of call requests the third party has sent in the current period, as determined by the open platform, is less than a count threshold, the open platform determines that verification of the number of call requests sent by the third party succeeds.
If the number of call requests the third party has sent in the current period, as determined by the open platform, is not less than the count threshold, verification of the number of call requests corresponding to the third-party identifier fails. Optionally, when this verification fails, an error message can be returned to the third party.
Preferably, after this call request from the third party is confirmed to have been verified successfully, the number of call requests from the third party in the current period is incremented by 1; preferably, a counter can be used to count the third party's call requests in each period.
In this way, the open platform can classify third parties into tiers based on parameters such as the state of cooperation with the third party and its technical level, with a different call-request count threshold for each tier. Optionally, the open platform provides one counter per third party in a cache server; the counter is reset to zero automatically each period, and each time the third party sends a call request within a period, the third party's counter is incremented by 1. The count threshold is a conventional value, for example 5.
For example, if the counter is reset automatically every 1 minute and the count threshold is 5, then once the third party has sent more than 5 call requests in the current period, its other call requests in the current period are rejected and an error message is returned to the third party, or an alert e-mail is sent to the system administrator so that the administrator can investigate the third party. This effectively handles the case where a third party, because of a fault, sends a large number of call requests to the open platform, and protects the security and stability of the open platform's underlying service systems under heavy call-request volume.
Optionally, the call request includes a third-party identifier and an application programming interface (API) identifier; whether the third party has access permission for the API corresponding to the API identifier included in the call request is determined as follows:
The open platform determines, from a preset mapping between third-party identifiers and the API identifiers each third party has permission to access, all API identifiers that the third party corresponding to the third-party identifier has permission to access;
If the open platform determines that the API identifier included in the call request is among the API identifiers the third party has permission to access, the open platform determines that the third party has access permission for the API corresponding to the API identifier included in the call request.
Optionally, if the open platform determines that the API identifier included in the call request is not among the API identifiers the third party has permission to access, the open platform determines that the third party does not have access permission for the API corresponding to the API identifier included in the call request. Optionally, in that case the open platform can return an error message to the third party.
Specifically, the permissions for each open API may differ, and a given third party may be allowed to access only some of the APIs. In the embodiments of the present invention, the APIs that each third party has permission to access can be configured per third party.
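The three second verification conditions described above (timestamp window, per-period call count, API access permission), as an added example that is not part of the patent text. The thresholds are the page's example values; the permission table, API identifiers, function names and the order of the checks are assumptions of this example, and "time between the timestamp and the current time" is read as an absolute difference so that future-dated timestamps are rejected too.

```python
import time

DURATION_THRESHOLD = 5 * 60  # seconds; the page's example of five minutes
PERIOD = 60                  # seconds; the page's example of a 1-minute counter period
COUNT_THRESHOLD = 5          # the page's example count threshold

# Constructed mapping: third-party identifier -> API identifiers it may access.
API_PERMISSIONS = {"7284397484": {"restaurants", "orders"}}


class CallCounter:
    """One counter per third party that starts again from zero each period."""

    def __init__(self, period=PERIOD):
        self.period = period
        self._counts = {}  # third-party id -> (period index, count)

    def count(self, third_party, now):
        index, n = self._counts.get(third_party, (None, 0))
        # A count recorded in an earlier period no longer applies.
        return n if index == int(now // self.period) else 0

    def increment(self, third_party, now):
        current = self.count(third_party, now)
        self._counts[third_party] = (int(now // self.period), current + 1)


def timestamp_ok(timestamp, now):
    """True if the timestamp is within the duration threshold of 'now'."""
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False  # missing or non-numeric timestamp fails verification
    return abs(now - ts) < DURATION_THRESHOLD


def second_verification(third_party, api_id, timestamp, counter, now=None):
    """Run the checks that follow a successful signature check.

    Returns (ok, reason). The counter is incremented only after the request
    has passed every check, as the page describes.
    """
    now = time.time() if now is None else now
    if not timestamp_ok(timestamp, now):
        return False, "timestamp"
    if api_id not in API_PERMISSIONS.get(third_party, set()):
        return False, "permission"
    if not counter.count(third_party, now) < COUNT_THRESHOLD:
        return False, "count"
    counter.increment(third_party, now)
    return True, "ok"


if __name__ == "__main__":
    counter = CallCounter()
    now = 1374908100  # constructed clock value, 46 s after the sample timestamp
    for attempt in range(1, 8):
        result = second_verification(
            "7284397484", "restaurants", "1374908054", counter, now
        )
        print(attempt, result)
```

With these values the sixth request in a period is the first to be refused, and a request that fails the timestamp or permission check does not consume any of the third party's allowance.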
Preferably, the call request is an HTTPS (Hypertext Transfer Protocol Secure) request encrypted with Secure Sockets Layer (SSL). This ensures the call request cannot be stolen by others in transit, further protecting the security of call-request transmission.
As can be seen from the above: in the embodiments of the present invention, the open platform receives a call request sent by a third party; when the open platform determines that the call request includes system parameters, application parameters and a signature, it generates a signature according to a preset rule from the system parameters and application parameters included in the call request; if the signature generated by the open platform matches the signature included in the call request, verification of the signature included in the call request succeeds. In the embodiments, after the information carried in the call request has met the open platform's requirements, the signature in the call request must also be verified, and the signature is generated from the system parameters and application parameters according to the preset rule. Therefore only a third party that has an agreement with the open platform can pass verification; the agreement covers the information the call request carries and the preset rule for generating the signature. Further, because each call request corresponds to a unique set of system parameters and application parameters, each call request corresponds to a unique signature. Even if someone else intercepts the signature in a call request, that signature cannot be used in other call requests, which prevents others from forging signatures. The embodiments verify the signature in the call request, and the signature is generated from the system parameters and application parameters, which improves the security of third-party calls to the open platform.
Fig. 3 shows a schematic structural diagram of an open platform provided by an embodiment of the present invention.
Based on the same concept, an embodiment of the present invention provides an open platform which, as shown in Fig. 3, includes a receiving unit 301 and a processing unit 302:
The receiving unit is configured to receive a call request sent by a third party;
The processing unit is configured to: when it determines that the call request includes system parameters, application parameters and a signature, generate a signature according to a preset rule from the system parameters and application parameters included in the call request; and, if the generated signature matches the signature included in the call request, determine that verification of the signature included in the call request succeeds.
Optionally, processing unit is specifically used for:
System parameter and application parameter are ranked up, First ray is obtained;Wherein, system parameter includes third party's public key
And timestamp;Application parameter and call request are one-to-one relationships;
The API for including in call request will be added before First ray identifies corresponding uniform resource locator URL network address,
Third party's private key will be added after First ray, obtain the second sequence;Second sequence is encoded, third sequence is obtained;It is right
Third sequence carries out Hash, is signed.
Optionally, the second sequence is encoded, obtains third sequence, specifically includes:
The 8 variable length characters coding UTF-8 coding for carrying out Unicode first to the second sequence, after being encoded
The second sequence encoded using hexadecimal HEX, obtain third sequence.
Optionally, processing unit is also used to: when the signature for including in the signature of generation and call request is consistent, being exchanged
It is verified with request;
If call request meets the second verification condition, call request is verified successfully;
Wherein, the second verification condition includes any one of the following contents or appoints several:
To third party send call request number verify successfully, determine third party to the API for including in call request
Identifying corresponding API has access authority, verifies successfully to the timestamp for including in call request.
It optionally, include that third party identifies in call request;
It is successfully determining in the following manner for verifying to the number for the call request that third party sends:
Processing unit determines time for the call request that third party sends in current period for identifying according to third party
Number;If it is determined that the number of call request that is sent in current period of third party be less than frequency threshold value, it is determined that third
The number of the call request just sent verifies successfully.
It optionally, include third party's mark and application programming interface API mark in call request;
It is determining in the following manner that third party identifies corresponding API to have access authority to the API for including in call request
:
Processing unit, for being there is the corresponding of API mark of access authority to close according to preset third party mark and third party
System determines that third party identifies corresponding third party and has all API of access authority to identify;If it is determined that including in call request
API mark, which belongs to the third party determined, has the API of access authority to identify, then open platform determines third party in call request
Including API identify corresponding API and have access authority.
It optionally, include timestamp in call request;The timestamp for including in call request is verified be successfully by with
What under type determined:
Processing unit, for obtaining the timestamp for including in call request;If it is determined that timestamp apart from current time when
It is long to be less than duration threshold value, then the timestamp for including in call request is verified successfully.
Optionally, call request is Hyper text transfer security protocol HTTPS request, and call request uses Secure Socket Layer
SSL is encrypted;System parameter and application parameter in call request pass through the Query of hypertext transfer protocol HTTP GET
String mode is transmitted.
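The signing rule and the follow-up checks described above, as an added Python example that is not part of the patent text. The hash algorithm (SHA-256), the `name=value&` serialization, the field names `app_key`, `timestamp` and `sign`, the URLs, the keys and the thresholds are all assumptions chosen for illustration; the constant-time comparison is likewise an addition of this example.

```python
import hashlib
import hmac
import time
from collections import defaultdict

# Constructed sample data: every name, URL, key and threshold here is an assumption.
API_URLS = {
    "order.query": "https://open.example.com/api/order/query",
    "user.delete": "https://open.example.com/api/user/delete",
}
SECRETS = {"pk-demo": "sk-demo-secret"}   # third-party public key -> private key
API_ACL = {"pk-demo": {"order.query"}}    # third party -> API identifiers it may call
MAX_AGE_SECONDS = 300                     # duration threshold for the timestamp
MAX_CALLS_PER_PERIOD = 3                  # frequency threshold per period
PERIOD_SECONDS = 60


def make_signature(api_id, params, private_key):
    """URL + sorted parameters + private key -> UTF-8 -> HEX -> hash."""
    # First sequence: system and application parameters, sorted by name.
    first = "&".join(f"{name}={params[name]}" for name in sorted(params))
    # Second sequence: API URL in front, third-party private key behind.
    second = API_URLS[api_id] + first + private_key
    # Third sequence: UTF-8 encode, then hexadecimal encode.
    third = second.encode("utf-8").hex()
    # Signature: hash of the third sequence (SHA-256 is this example's choice).
    return hashlib.sha256(third.encode("ascii")).hexdigest()


def build_request(api_id, app_params, public_key, private_key, timestamp):
    """Third-party side: attach system parameters and the signature."""
    params = dict(app_params, app_key=public_key, timestamp=str(int(timestamp)))
    return {"api": api_id, "params": params,
            "sign": make_signature(api_id, params, private_key)}


class OpenPlatform:
    """Platform side: signature check first, then the second verification condition."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.calls = defaultdict(int)  # (third party, period index) -> accepted calls

    def verify(self, request):
        params = request.get("params", {})
        api_id, sign, key = request.get("api"), request.get("sign"), params.get("app_key")
        if not sign or "timestamp" not in params or key not in SECRETS or api_id not in API_URLS:
            return "missing_or_unknown_field"
        expected = make_signature(api_id, params, SECRETS[key])
        # Compare as bytes in constant time so the check does not leak a prefix match.
        if not hmac.compare_digest(expected.encode(), str(sign).encode("utf-8")):
            return "bad_signature"
        now = self.clock()
        try:
            age = abs(now - float(params["timestamp"]))
        except ValueError:
            return "stale_timestamp"
        if age >= MAX_AGE_SECONDS:
            return "stale_timestamp"
        if api_id not in API_ACL.get(key, set()):
            return "api_not_permitted"
        period = int(now // PERIOD_SECONDS)
        if self.calls[(key, period)] >= MAX_CALLS_PER_PERIOD:
            return "rate_limited"
        self.calls[(key, period)] += 1
        return "ok"


def demo():
    now = 1_700_000_000  # constructed fixed clock so the result is reproducible
    platform = OpenPlatform(clock=lambda: now)
    good = build_request("order.query", {"order_id": "A100"}, "pk-demo", "sk-demo-secret", now)
    # An intercepted signature attached to a request with a changed application parameter.
    reused = {"api": good["api"], "sign": good["sign"],
              "params": dict(good["params"], order_id="A101")}
    stale = build_request("order.query", {"order_id": "A100"}, "pk-demo", "sk-demo-secret", now - 3600)
    return [platform.verify(good), platform.verify(reused), platform.verify(stale)]


if __name__ == "__main__":
    print(demo())
```

An unchanged copy of a valid request still carries a matching signature, so in this example it is the timestamp and call-count checks that bound how long and how often it is accepted.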
Those skilled in the art should understand that embodiments of the present invention may be provided as a method or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, and the like) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus that implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art may make additional changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to include them as well.
Claims (16)
1. An information calibration method based on an open platform, characterized by comprising the following steps:
The open platform receives a call request sent by a third party; the call request is determined by the third party according to a service request sent by a terminal;
When the open platform determines that the call request includes system parameters, application parameters and a signature, it generates a signature according to a preset rule from the system parameters and the application parameters included in the call request; the application parameters are the application-level parameters corresponding to the call request;
If the signature generated by the open platform is consistent with the signature included in the call request, the signature included in the call request is verified successfully;
Wherein generating a signature according to the preset rule from the system parameters and the application parameters included in the call request comprises:
Sorting the system parameters and the application parameters to obtain a first sequence; wherein the system parameters include a third-party public key and a timestamp; the application parameters are in one-to-one correspondence with the call request; the third-party public key is the account information of the third party;
Adding, before the first sequence, the uniform resource locator (URL) corresponding to the API identifier included in the call request, and adding the third-party private key after the first sequence, to obtain a second sequence;
Encoding the second sequence to obtain a third sequence;
Hashing the third sequence to obtain the signature.
2. The method of claim 1, characterized in that encoding the second sequence to obtain the third sequence specifically comprises:
First applying the Unicode 8-bit variable-length character encoding (UTF-8) to the second sequence, then encoding the UTF-8-encoded second sequence in hexadecimal (HEX), to obtain the third sequence.
3. The method of any one of claims 1 to 2, characterized by further comprising:
When the signature generated by the open platform is consistent with the signature included in the call request, the open platform verifies the call request;
If the call request meets a second verification condition, the call request is verified successfully;
Wherein the second verification condition includes any one or more of the following:
The open platform successfully verifies the number of call requests sent by the third party; the open platform determines that the third party has access permission to the API corresponding to the API identifier included in the call request; the open platform successfully verifies the timestamp included in the call request.
4. The method of claim 3, characterized in that the call request includes a third-party identifier;
Successful verification by the open platform of the number of call requests sent by the third party is determined as follows:
The open platform determines, according to the third-party identifier, the number of call requests the third party has sent in the current period;
If the number of call requests that the open platform determines the third party has sent in the current period is less than a frequency threshold, the open platform determines that the number of call requests sent by the third party is verified successfully.
5. The method of claim 3, characterized in that the call request includes the third-party identifier and an application programming interface (API) identifier;
Whether the third party has access permission to the API corresponding to the API identifier included in the call request is determined as follows:
The open platform determines, according to a preset correspondence between third-party identifiers and the API identifiers each third party is permitted to access, all API identifiers that the third party corresponding to the third-party identifier is permitted to access;
If the open platform determines that the API identifier included in the call request belongs to the API identifiers that the third party is permitted to access, the open platform determines that the third party has access permission to the API corresponding to the API identifier included in the call request.
6. The method of claim 3, characterized in that the call request includes a timestamp;
Successful verification by the open platform of the timestamp included in the call request is determined as follows:
The open platform obtains the timestamp included in the call request;
If the open platform determines that the duration between the timestamp and the current time is less than a duration threshold, the open platform verifies the timestamp included in the call request successfully.
7. The method of claim 3, characterized in that the call request is a Hypertext Transfer Protocol Secure (HTTPS) request and is encrypted using Secure Sockets Layer (SSL); the system parameters and application parameters in the call request are transmitted as a Hypertext Transfer Protocol (HTTP) GET query string.
8. An open platform, characterized by comprising:
A receiving unit, configured to receive a call request sent by a third party; the call request is determined by the third party according to a service request sent by a terminal;
A processing unit, configured to, when it determines that the call request includes system parameters, application parameters and a signature, generate a signature according to a preset rule from the system parameters and the application parameters included in the call request; if the generated signature is consistent with the signature included in the call request, the signature included in the call request is verified successfully; the application parameters are the application-level parameters corresponding to the call request;
Wherein the processing unit is specifically configured to:
Sort the system parameters and the application parameters to obtain a first sequence; wherein the system parameters include a third-party public key and a timestamp; the application parameters are in one-to-one correspondence with the call request; the third-party public key is the account information of the third party;
Add, before the first sequence, the uniform resource locator (URL) corresponding to the API identifier included in the call request, and add the third-party private key after the first sequence, to obtain a second sequence;
Encode the second sequence to obtain a third sequence;
Hash the third sequence to obtain the signature.
9. The open platform of claim 8, characterized in that encoding the second sequence to obtain the third sequence specifically comprises:
First applying the Unicode 8-bit variable-length character encoding (UTF-8) to the second sequence, then encoding the UTF-8-encoded second sequence in hexadecimal (HEX), to obtain the third sequence.
10. The open platform of any one of claims 8 to 9, characterized in that the processing unit is further configured to:
When the generated signature is consistent with the signature included in the call request, verify the call request;
If the call request meets a second verification condition, the call request is verified successfully;
Wherein the second verification condition includes any one or more of the following:
The number of call requests sent by the third party is verified successfully; the third party is determined to have access permission to the API corresponding to the API identifier included in the call request; the timestamp included in the call request is verified successfully.
11. The open platform of claim 10, characterized in that the call request includes a third-party identifier;
Successful verification of the number of call requests sent by the third party is determined as follows:
The processing unit is configured to determine, according to the third-party identifier, the number of call requests the third party has sent in the current period; if the number of call requests the third party has sent in the current period is determined to be less than a frequency threshold, the number of call requests sent by the third party is determined to be verified successfully.
12. The open platform of claim 10, characterized in that the call request includes the third-party identifier and an application programming interface (API) identifier;
Whether the third party has access permission to the API corresponding to the API identifier included in the call request is determined as follows:
The processing unit is configured to determine, according to a preset correspondence between third-party identifiers and the API identifiers each third party is permitted to access, all API identifiers that the third party corresponding to the third-party identifier is permitted to access; if the API identifier included in the call request is determined to belong to the API identifiers that the third party is permitted to access, the third party is determined to have access permission to the API corresponding to the API identifier included in the call request.
13. The open platform of claim 10, characterized in that the call request includes a timestamp;
Successful verification of the timestamp included in the call request is determined as follows:
The processing unit is configured to obtain the timestamp included in the call request; if the duration between the timestamp and the current time is determined to be less than a duration threshold, the timestamp included in the call request is verified successfully.
14. The open platform of claim 10, characterized in that the call request is a Hypertext Transfer Protocol Secure (HTTPS) request and is encrypted using Secure Sockets Layer (SSL); the system parameters and application parameters in the call request are transmitted as a Hypertext Transfer Protocol (HTTP) GET query string.
15. A computer storage medium, characterized in that the computer storage medium stores computer-executable instructions, the computer-executable instructions being used to cause a computer to execute the method of any one of claims 1 to 7.
16. An electronic device, characterized by comprising:
A memory, configured to store program instructions;
A processor, configured to call the program instructions stored in the memory and to execute, according to the obtained program, the method of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510603494.7A CN105306534B (en) | 2015-09-21 | 2015-09-21 | A kind of information calibration method and open platform based on open platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510603494.7A CN105306534B (en) | 2015-09-21 | 2015-09-21 | A kind of information calibration method and open platform based on open platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105306534A CN105306534A (en) | 2016-02-03 |
CN105306534B true CN105306534B (en) | 2019-05-14 |
Family
ID=55203277
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510603494.7A Active CN105306534B (en) | 2015-09-21 | 2015-09-21 | A kind of information calibration method and open platform based on open platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105306534B (en) |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107135073B (en) * | 2016-02-26 | 2021-05-25 | 北京京东尚科信息技术有限公司 | Interface calling method and device |
CN105704154B (en) * | 2016-04-01 | 2019-11-05 | 金蝶软件(中国)有限公司 | A kind of service processing method based on RESTful, apparatus and system |
CN107315948B (en) * | 2016-04-26 | 2020-09-01 | 阿里巴巴集团控股有限公司 | Data calling method and device |
WO2018006872A1 (en) * | 2016-07-08 | 2018-01-11 | 腾讯科技(深圳)有限公司 | Method and device for scheduling interface of hybrid cloud |
CN107918731A (en) * | 2016-10-11 | 2018-04-17 | 百度在线网络技术(北京)有限公司 | Method and apparatus for controlling the authority to access to open interface |
CN107733842A (en) * | 2016-11-08 | 2018-02-23 | 北京奥斯达兴业科技有限公司 | Method for authenticating and device based on cloud platform |
CN108156122B (en) * | 2016-12-06 | 2021-08-13 | 中移(杭州)信息技术有限公司 | Method, system and equipment for introducing capability of capability open platform |
CN106911684B (en) * | 2017-02-17 | 2020-06-16 | 武汉斗鱼网络科技有限公司 | Authentication method and system |
CN107704765A (en) * | 2017-08-28 | 2018-02-16 | 深圳市诚壹科技有限公司 | A kind of interface access method, server and computer-readable recording medium |
CN109120631B (en) * | 2018-09-04 | 2021-05-14 | 苏州科达科技股份有限公司 | Function calling system, method, device and storage medium |
CN111177660B (en) * | 2018-11-09 | 2024-01-05 | 千寻位置网络有限公司 | Permission verification method for open platform script code |
CN110175466B (en) * | 2019-04-16 | 2024-03-08 | 平安科技(深圳)有限公司 | Security management method and device for open platform, computer equipment and storage medium |
CN110049041A (en) * | 2019-04-17 | 2019-07-23 | 北京网聘咨询有限公司 | The interface call method and interface calling system of recruitment website open platform |
CN111949335A (en) * | 2019-05-15 | 2020-11-17 | 上海浦东发展银行股份有限公司 | Method and apparatus for sharing financial data |
CN110636041A (en) * | 2019-08-09 | 2019-12-31 | 西藏宁算科技集团有限公司 | Cloud authentication scheme implementation method and system based on OpenResty |
CN112839006B (en) * | 2019-11-22 | 2023-04-18 | Oppo广东移动通信有限公司 | Open platform interface calling method and related product |
CN112416624B (en) * | 2020-11-28 | 2022-04-08 | 郑州信大捷安信息技术股份有限公司 | Application data interaction method and system based on open platform |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103795692A (en) * | 2012-10-31 | 2014-05-14 | 中国电信股份有限公司 | Open authorization method, open authorization system and authentication and authorization server |
CN104780176A (en) * | 2015-04-28 | 2015-07-15 | 中国科学院微电子研究所 | Method and system for safely calling representational state transition application programming interface |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10362006B2 (en) * | 2013-03-15 | 2019-07-23 | Mastercard International Incorporated | Systems and methods for cryptographic security as a service |
Also Published As
Publication number | Publication date |
---|---|
CN105306534A (en) | 2016-02-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105306534B (en) | A kind of information calibration method and open platform based on open platform | |
CN107483509B (en) | A kind of auth method, server and readable storage medium storing program for executing | |
CN109819443B (en) | Registration authentication method, device and system based on block chain | |
US11050690B2 (en) | Method for providing recording and verification service for data received and transmitted by messenger service, and server using method | |
CN106101258B (en) | Interface calling method, device and system of hybrid cloud | |
CN103916244B (en) | Verification method and device | |
CN108537046A (en) | A kind of online contract signature system and method based on block chain technology | |
CN109460966A (en) | Contract signing method, apparatus and terminal device based on requesting party's classification | |
CN103905194B (en) | Identity traceability authentication method and system | |
CN112069550B (en) | Electronic contract evidence-storing system based on intelligent contract mode | |
CN111931209B (en) | Contract information verification method and device based on zero knowledge proof | |
CN110677399B (en) | Authentication method and device | |
CN108322416A (en) | A kind of safety certification implementation method, apparatus and system | |
TW202115643A (en) | Decentralized automatic phone fraud risk management | |
CN112257085A (en) | Bidding processing method, system, equipment and medium based on block chain | |
CN113032837A (en) | Anonymous authentication method and system for open platform | |
CN110365688A (en) | Anti-stealing link method and device | |
CN111833062B (en) | Credibility verification system for digital asset data packet | |
CN112202739B (en) | Flow monitoring method and device | |
CN116170144B (en) | Smart power grid anonymous authentication method, electronic equipment and storage medium | |
CN110890979A (en) | Automatic deploying method, device, equipment and medium for fortress machine | |
CN116541465A (en) | Block chain-based data processing method and device | |
CN113014540B (en) | Data processing method, device, equipment and storage medium | |
WO2020228564A1 (en) | Application service method and device | |
CN108270567B (en) | Message source verification method, device and system and message sending method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |