CN109246092B - Interface management method, device, system and computer readable storage medium - Google Patents

Interface management method, device, system and computer readable storage medium Download PDF

Info

Publication number
CN109246092B
CN109246092B CN201810964178.6A CN201810964178A CN109246092B CN 109246092 B CN109246092 B CN 109246092B CN 201810964178 A CN201810964178 A CN 201810964178A CN 109246092 B CN109246092 B CN 109246092B
Authority
CN
China
Prior art keywords
interface
caller
calling
authorization
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810964178.6A
Other languages
Chinese (zh)
Other versions
CN109246092A (en
Inventor
杜晓雷
宋扬
王爰
余娴
曹继邦
刘瑞伟
王晖
炊文伟
闫璐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kuangshi Technology Co Ltd
Original Assignee
Beijing Kuangshi Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kuangshi Technology Co Ltd filed Critical Beijing Kuangshi Technology Co Ltd
Priority to CN201810964178.6A priority Critical patent/CN109246092B/en
Publication of CN109246092A publication Critical patent/CN109246092A/en
Application granted granted Critical
Publication of CN109246092B publication Critical patent/CN109246092B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/55Push-based network services

Abstract

The invention provides an interface management method, a device, a system and a computer readable storage medium, wherein the method comprises the following steps: the interface management system obtains an interface calling instruction which is sent by a calling party and comprises a first calling party key and a target interface, and judges whether to push data generated by a configuration party to the calling party based on a first interface authorization field which is configured in advance of the target interface when the first calling party key is verified to be consistent with a second calling party key which is configured for the calling party in advance and the interface calling instruction represents data calling. When the interface management system receives an interface calling instruction of a calling party, in addition to verifying a first calling key sent by the calling party, the interface management system needs to judge whether the calling party has the authority to call data generated by a configuring party through a target interface through a first interface authorization field configured by the configuring party for the target interface, namely, the safety of interface data is ensured through multiple verification.

Description

Interface management method, device, system and computer readable storage medium
Technical Field
The present invention relates to the field of data processing, and in particular, to a method, an apparatus, a system, and a computer-readable storage medium for interface management.
Background
After the data-providing manufacturer establishes a connection with an interface of a portrait system used by the police, the manufacturer may provide portrait data, such as photo data, video stream data, etc., for the portrait system. In the portrait system at present, a large amount of portrait data exists, the portrait data may be provided by a plurality of different video manufacturers, and data inter-calling and pushing may also exist among the manufacturers. However, when one manufacturer wishes to call data of another manufacturer through one interface, the interface data security problem often exists.
Disclosure of Invention
Embodiments of the present invention provide an interface management method, apparatus, system, and computer-readable storage medium to alleviate the above problem.
In a first aspect, an embodiment of the present invention provides an interface management method, where the method includes: obtaining an interface calling instruction sent by a calling party, wherein the interface calling instruction comprises: a target interface and a first caller key; and when the first caller secret key is verified to be consistent with a second caller secret key which is configured for the caller in advance and the interface calling instruction represents data calling, judging whether to push data generated by the configurator to the caller or not based on a first interface authorization field which is configured in advance of the target interface.
With reference to an implementation manner of the first aspect, before determining whether to push data generated by the configurator to the caller based on a preconfigured first interface authorization field of the target interface, the method further includes: acquiring first interface authorization information input by the configurator aiming at the target interface; and filling the first interface authorization information into an interface authorization field of the target interface to form a first interface authorization field.
With reference to an implementation manner of the first aspect, the determining, by the first interface authorization field, whether to push data generated by the configurator to the caller based on a preconfigured first interface authorization field of the target interface includes: and at least pushing the data generated by the configuration party to the calling party when the password sent by the calling party is verified to be matched with the password of the data queue.
With reference to an implementation manner of the first aspect, the determining, by the first interface authorization field, whether to push data generated by the configurator to the caller based on a preconfigured first interface authorization field of the target interface includes: and pushing data generated by the configurator to the caller at least when the IP address of the caller is verified not to be the IP address limited within the access address limit.
With reference to an implementation manner of the first aspect, the determining, by the first interface authorization field, whether to push data generated by the configurator to the caller based on a preconfigured first interface authorization field of the target interface includes: and at least pushing data generated by the configuration party to the calling party when the calling times of the calling party to the target interface are smaller than the upper limit of the calling times and/or the current calling time is within the callable time period.
With reference to an implementation manner of the first aspect, the determining, by the first interface authorization field, whether to push data generated by the configurator to the caller based on a preconfigured first interface authorization field of the target interface includes: and pushing data generated by the configurator to the caller at least when the device identification of the device called by the caller is verified to be contained in the authorized device identification.
With reference to an implementation manner of the first aspect, after obtaining the interface call instruction sent by the caller, the method further includes: when the first caller secret key and the second caller secret key are verified to be consistent and the interface calling instruction represents interface authorization, acquiring second interface authorization information input by the caller aiming at the target interface; filling the second interface authorization information into an interface authorization field to form a second interface authorization field; and judging whether to push the data generated by the calling party to other calling parties based on the second interface authorization field, wherein the other calling parties initiate interface calling instructions for representing data calling to the target interface in advance.
With reference to an implementation manner of the first aspect, before acquiring the interface call instruction initiated by the caller, the method further includes: receiving an instruction of a viewing interface or an editing interface; according to the instruction, an interface management interface is displayed, the interface management interface displays all interfaces and interface authorization fields of each interface, and the interface authorization fields of each interface comprise: one or more of an interface description, access address restrictions, traffic restrictions, authorization interface, data push, database authorization, and device authorization; and acquiring the first interface authorization field configured for the target interface through the interface management interface.
With reference to an implementation manner of the first aspect, a current number of times of call of each interface is pre-stored in a local database, and the interface management interface further displays the current number of times of call of each interface.
With reference to an implementation manner of the first aspect, a calling number upper limit of each interface is pre-stored in the local database, and the interface management interface further displays an interface set in which the current called number is smaller than the calling number upper limit, an interface field of each interface in the interface set, and the current called number of each interface.
In a second aspect, an embodiment of the present invention provides an interface management apparatus, where the apparatus includes: the obtaining module is used for obtaining an interface calling instruction sent by a calling party, and the interface calling instruction comprises: a target interface and a first caller key; and the pushing module is used for judging whether to push data generated by the configurator to the caller or not based on a pre-configured first interface authorization field of the target interface when the first caller key is verified to be consistent with a second caller key which is pre-configured for the caller and the interface calling instruction represents data calling.
In a third aspect, an embodiment of the present invention provides an interface management system, including a memory, a processor, an input/output device, and a display, which are coupled to each other, where a computer program is stored in the memory, and when the computer program is executed by the processor, the interface management system is caused to perform the method according to any one of the first aspect.
In a fourth aspect, the present invention provides a computer-readable storage medium, in which a computer program is stored, and when the computer program runs on a computer, the computer is caused to execute the method of any one of the first aspect.
Compared with the prior art, the interface management method, the device, the system and the computer readable storage medium provided by the embodiments of the present invention are that the interface management system first obtains an interface calling instruction including a first caller key and a target interface sent by a caller, and then judges whether to push data generated by a configurator to the caller based on a pre-configured first interface authorization field of the target interface when the first caller key is verified to be consistent with a second caller key configured for the caller in advance and the interface calling instruction represents data calling. In the implementation of the above process, when the interface management system receives the interface calling instruction of the caller, in addition to verifying the first calling key sent by the caller, the first interface authorization field configured by the target interface by the configurator needs to be used to judge whether the caller has the authority to call the data generated by the configurator through the target interface, that is, the safety of the interface data is ensured through multiple verifications.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a schematic diagram of an interface management system according to an embodiment of the present invention;
fig. 2 is a flowchart of an interface management method according to a first embodiment of the present invention;
fig. 3 is a schematic diagram of an authentication and authorization interface of an interface management system according to a first embodiment of the present invention;
fig. 4 is a schematic interface authorization interface diagram of an interface management system according to a first embodiment of the present invention;
fig. 5 is a flowchart of another interface management method according to the first embodiment of the present invention;
fig. 6 is a flowchart of another interface management method according to the first embodiment of the present invention;
fig. 7 is a block diagram of an interface management apparatus according to a third embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present invention, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
After the manufacturer establishes a connection with an interface of a portrait system used by the police, the manufacturer may provide portrait data, such as photo data, video stream data, etc., for the portrait system. In the portrait system at present, a large amount of portrait data exists, the portrait data may be provided by a plurality of different video manufacturers, and data inter-calling and pushing may also exist among the manufacturers. However, for various interfaces in the portrait system, the interface information presented in the portrait system is very little, even if the interface information is presented, the interface information is very simple, the interface information is not beneficial to the user to operate and view the use condition, and the interface information is not even more beneficial to the management of the interface of the public security department.
In order to solve the above problem, embodiments of the present invention provide a method, an apparatus, and a system for interface management, where the technology may be implemented by using corresponding software, hardware, and a combination of software and hardware. The following describes embodiments of the present invention in detail.
First, an interface management system 100 for implementing an interface management method, apparatus, and program according to an embodiment of the present invention is described with reference to fig. 1.
In the figure, the interface management system 100 may include a memory 110, a processor 120, an input output device 130, a display 140, and an interface management device.
The components of memory 210, processor 120, i/o device 130, display 140, and interface management device may be interconnected by a bus system and/or other form of connection mechanism (not shown). It should be noted that the components and structure of the interface management system 100 shown in FIG. 1 are exemplary only, and not limiting, and that the interface management system 100 may have other components and structures as desired. The interface management device includes at least one software function module which may be stored in the memory 110 in the form of software or firmware (firmware) or solidified in an Operating System (OS) of the interface management system 100. The processor 120 is configured to execute executable modules stored in the memory 110, such as software functional modules or computer programs included in the interface management apparatus.
The memory 110 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, Random Access Memory (RAM), cache memory (cache), and/or the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, etc. On which one or more computer program instructions may be stored and executed by processor 120 to implement the functions desired in embodiments of the invention described below. Various applications and various data, such as various data used and/or generated by the applications, may also be stored in the computer-readable storage medium.
The processor 120 may be an integrated circuit chip having signal processing capabilities. The Processor 120 may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components. Processor 120 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present invention.
The input and output devices 130 are used to provide input data to the user for enabling user interaction with the interface management system 100. The input/output unit 130 may be, but is not limited to, a mouse, a keyboard, and the like.
The display 140 provides an interactive interface (e.g., a user interface) between the interface management system 100 and a user or for displaying image data to a user reference. In this embodiment, the display 140 may be a liquid crystal display or a touch display. In the case of a touch display, the display can be a capacitive touch screen or a resistive touch screen, which supports single-point and multi-point touch operations. Supporting single-point and multi-point touch operations means that the touch display can sense touch operations from one or more locations on the touch display at the same time, and the sensed touch operations are sent to the processor 130 for calculation and processing.
The following description will be made of an interface management method performed by the interface management system 100 when a vendor calls an interface:
first embodiment
Referring to fig. 2, fig. 2 is a flowchart of an interface management method according to a first embodiment of the present invention, and the method is applied to an interface management system 100. The flow shown in fig. 2 will be described in detail below, and the method includes:
step S110: acquiring an interface calling instruction initiated by a calling party, wherein the interface calling instruction comprises: a target interface and a first caller key.
Step S120: and when the first caller secret key is verified to be consistent with a second caller secret key which is configured for the caller in advance and the interface calling instruction represents data calling, judging whether to push data generated by the configurator to the caller or not based on a first interface authorization field which is configured in advance of the target interface.
When a manufacturer as an interface caller initiates an interface call instruction to the interface management system 100 for the first time, the configurator may configure a second caller key for the caller through the interface management system 100 and inform the caller of the second caller key, so that the caller may make an interface call by means of the second caller key.
Optionally, the second caller key may be automatically generated by the interface management system 100 when the interface call instruction initiated by the caller is obtained for the first time. Optionally, the second caller key may also be configured by the configurator to the caller on its own initiative through the interface management system 100. Wherein the second caller key may be a 20-digit number comprising a number and a capital letter.
Of course, the interface management system 100 may also assign a caller number to the caller and inform the caller of the caller number along with the second caller key. The caller number may be automatically generated by the interface management system 100 according to the sequence of the obtained interface call instruction. For example, the interface management system 100 may generate the caller number 001 for the caller corresponding to the first obtained call interface command, may generate the caller number 002 for the caller corresponding to the second obtained call interface command, and so on.
The target interface included in the interface calling instruction is used for representing the interface to be called by the calling party. After obtaining the interface call instruction, the interface management system 100 may verify whether the caller has the right to call the data generated by the configurator through the target interface.
Optionally, the interface management system 100 may continue to execute the subsequent steps when it is verified that the first caller key sent by the caller is consistent with the second caller key sent to the caller in advance, that is, the first caller key is correct, otherwise, the interface call of the caller is rejected.
The interface management system 100 displays an interface calling instruction of the caller in the authentication authorization interface. The authentication and authorization interface displayed by the interface management system 100 may be as shown in fig. 3, and includes an information filling box 101 and an information submitting box 102, where the information filling box 101 includes a caller number, a caller name, a description, a caller key, and the like, and correspondingly, when the authentication and authorization interface is as shown in fig. 3, the interface calling instruction sent by the caller may also further include: caller number, caller name, description, etc.
The description may be used to introduce the basic case of a target interface, such as what the interface is used to do, which items to interface with, and so on.
In an alternative embodiment of the present invention, the interface call instruction of the caller may be used to characterize that the caller will make a call to data generated or transmitted by a vendor within the target interface.
The first interface authorization field is previously configured within the interface management system 100 by a configurator. The first interface authorization field is used to characterize the conditions that the configurator is allowed to invoke the data it generates through the target interface. For example, the B vendor side has previously configured the target interface with a first interface authorization field before the a vendor intends to make a call to data generated by the B vendor within the target interface. At this time, a is a premise that the caller wants to call data generated by B vendor in the target interface: the condition characterized by the first interface authorization field configured by B as the configurator for the target interface must be satisfied.
When the interface management system 100 determines that the vendor a meets the condition represented by the first interface authorization field, data generated by the vendor B is pushed to the vendor a, otherwise, the vendor a is rejected from calling the data generated by the vendor B through the target interface.
Of course, before determining whether to push the data generated by the configurator to the caller based on the preconfigured first interface authorization field of the target interface, the configurator may input the first interface authorization information for the target interface to the interface management system 100 based on the interface authorization page of the interface management system 100. The interface management system 100 may obtain the first interface authorization information, fill the first interface authorization information into the interface authorization field of the target interface to form a first interface authorization field, and then determine whether to push data generated by the configurator to the caller.
The implementation process of the interface management system 100 for filling the first interface authorization information into the interface authorization field of the target interface may be as follows:
when the interface management system 100 fills the first interface authorization information into the interface authorization field of the target interface to form a first interface authorization field, the interface authorization interface shown in fig. 4 may be presented to a configurator, and may include: one or more windows of access address limitation, flow limitation, authorization interface, data push, bottom library authorization, device authorization and the like are convenient for a configurator to correspondingly fill various fields included in the authorization information of the first interface in the windows, that is, the authorization field of the first interface may include one or more of access address limitation, flow limitation, authorization interface, data push, bottom library authorization and device authorization.
The access address limiting window can select an unlimited access IP address and a specified access IP address, and after the specified access IP address is selected, the IP address can be filled in and can be used; "separate, and may be represented by" - "as continuous.
The alternative options for the flow restriction window setting may be: 1, 3, 5, 10, etc.
The authorized interface is all authorized sub-interfaces in the connection state with the target interface, and the optional fields set by the window can be: a selection box, an interface name, an upper limit of calling times, a validity period, a start time, an end time and the like, wherein after being selected in the selection box, a special symbol, such as "√", "+", and the like, can be displayed in the selection box for representing that the subinterface is allowed to be authorized. The upper limit of the number of calls can be represented by "number", which represents the upper limit of the number of calls that the subinterface allows the same caller to call at most, and the validity period can be set to "long-term" or "temporary", and the start time and the end time together constitute the callable period that the subinterface allows to be called.
The data push can be all the data types that can be pushed by the target interface, and the fields are as follows: a selection box, a data type, a validity period, a start time, an end time, a queue name, a queue IP address, a queue port, a queue user name and a queue password. After defining the data type, the interface management system 100 may generate the data into different queues corresponding to the data type based on the card pushing mechanism. For a certain interface, only after the data in one of the queues is taken away or called by a calling party, the interface management system 100 continues to generate the data in one of the queues for vacancy filling, so that the problems of data backlog, data loss caused by network or program instability and the like are avoided. Of course, to ensure the security of the data at the time of the interface call, the queue generated by the card push mechanism may also include a queue password for the caller to perform a second password authentication in addition to the first caller key.
The authorization of the bottom library can display all databases in a tree form, and after a configurator selects a bottom library, the configurator can give three authorities of addition, deletion and query to the bottom library, wherein the default authority of query is given, for example, the A bottom library is selected, and the A bottom library has the queried authority by default. In addition, the selected base library characterizes that the base library can be called, and the base library is the database.
The device authorization may present the device identifiers of all devices in a tree form, and the selected device identifier is an authorized device identifier, and data generated by characterizing the device corresponding to the device identifier may be called.
After the interface management system 100 acquires the first interface authorization information, the fields are correspondingly filled in the window for display. Of course, when there are N windows displayed on the interface authorization interface, the configurator may select only M of the windows to be filled, where M is less than N, and the unfilled missing window representation is not limited.
As an optional implementation manner, when the data queue password is included in the first interface authorization field, determining whether to push the data generated by the configurator to the caller based on the first interface authorization field may include: the interface management system 100 pushes the data generated by the configuring party to the invoking party at least when verifying that the password sent by the invoking party matches the data queue password, otherwise, judges that the data generated by the configuring party cannot be pushed to the invoking party. The matching can be understood as that the password sent by the calling party is consistent with the data queue password.
As an optional implementation manner, when the first interface authorization field includes an access address limitation, determining whether to push the data generated by the configurator to the caller based on the first interface authorization field may include: the interface management system 100 pushes the data generated by the configuring party to the calling party at least when verifying that the IP address of the calling party is not the IP address limited within the access address limit, otherwise, determines that the data generated by the configuring party cannot be pushed to the calling party.
As an optional implementation manner, when the first interface authorization field includes an upper limit of the number of calls and/or a callable period, determining whether to push the data generated by the configurator to the caller based on the first interface authorization field may include: the interface management system 100 pushes the data generated by the configuration party to the caller at least when it is verified that the number of times of calling the target interface by the caller is less than the upper limit of the number of times of calling and/or the current calling time is within the callable period, otherwise, it is judged that the data generated by the configuration party cannot be pushed to the caller.
As an optional implementation manner, when the first interface authorization field includes an authorized device identifier, determining whether to push the data generated by the configurator to the caller based on the first interface authorization field may include: the interface management system 100 pushes the data generated by the configurator to the caller at least when verifying that the device identifier of the device called by the caller is included in the authorized device identifier, otherwise, judges that the data generated by the configurator cannot be pushed to the caller.
Of course, in another alternative embodiment of the present invention, the interface call instruction of the caller may also be used to characterize that the caller will perform interface authorization on the target interface.
In this embodiment, referring to fig. 5, after step S120, the interface management system 100 may perform steps S131-S133:
step S131: and acquiring second interface authorization information input by the caller when the first caller key and the second caller key are verified to be consistent and the interface calling instruction represents interface authorization.
Step S132: and filling the second interface authorization information into an interface authorization field to form a second interface authorization field.
Step S133: and judging whether to push the data generated by the calling party to other calling parties based on the second interface authorization field, wherein the other calling parties initiate interface calling instructions for representing data calling to the target interface in advance.
The second interface authorization field characterizes conditions that other callers need to possess to invoke the data generated by the caller through the target interface.
The process of the interface management system 100 obtaining the second interface authorization information input by the caller, and filling the second interface authorization information into the interface authorization field of the target interface to form the second interface authorization field is similar to the process of the interface management system 100 obtaining the first interface authorization information input by the configurator, and filling the first interface authorization information into the interface authorization field to form the first interface authorization field, and is not repeated here. The caller can complete the interface authorization of the target interface through steps S121 to S123.
As an alternative implementation, referring to fig. 6, before step S110, the method may further include:
step S101: an instruction to view the interface or edit the interface is received.
Step S102: and displaying an interface management interface according to the instruction, wherein the interface management interface displays all interfaces and interface authorization fields of each interface.
Wherein the interface authorization field of each of the interfaces may include: one or more of an interface description, access address restrictions, traffic restrictions, authorization interface, data push, database authorization, and device authorization.
Optionally, the current called times of each interface may be further stored in the local database in advance, and the interface management interface further displays the current called times of each interface.
Optionally, an upper limit of the number of calls of each interface may be further pre-stored in the local database, and the interface management interface further displays an interface set in which the current number of calls is smaller than the upper limit of the number of calls, an interface field of each interface in the interface set, and the current number of calls of each interface.
Step S103: and acquiring the first interface authorization field configured for the target interface through the interface management interface.
The above process can be implemented completely based on the interface presented by the interface management system 100, and for the calling party, the interface calling process is simplified, and for the interface manager, the authority of the interface can be managed through the information input by the configuration party, so that the workload of the interface manager is greatly reduced.
In the interface management method according to the first embodiment of the present invention, an interface management system first obtains an interface call instruction that includes a first caller key and a target interface and is sent by a caller, and then determines whether to push data generated by a configurator to the caller based on a first interface authorization field pre-configured for the target interface when it is verified that the first caller key is consistent with a second caller key pre-configured for the caller and the interface call instruction represents data call. In the implementation of the above process, when the interface management system receives the interface calling instruction of the caller, in addition to verifying the first calling key sent by the caller, the first interface authorization field configured by the target interface by the configurator needs to be used to judge whether the caller has the authority to call the data generated by the configurator through the target interface, that is, the safety of the interface data is ensured through multiple verifications.
Second embodiment
Referring to fig. 7, a second embodiment of the present invention provides an interface management apparatus 400 applied to an interface management system 100, corresponding to the interface management method in the first embodiment. The block diagram of the structure shown in fig. 7 will be explained, and the illustrated apparatus includes:
an obtaining module 410, configured to obtain an interface call instruction sent by a caller, where the interface call instruction includes: a target interface and a first caller key;
a pushing module 420, configured to, when it is verified that the first caller key is consistent with a second caller key configured for the caller in advance and the interface call instruction represents data call, determine, based on a first interface authorization field configured in advance for the target interface, whether to push data generated by the configurator to the caller.
Optionally, the obtaining module 410 is further configured to obtain first interface authorization information input by the configurator for the target interface, and fill the first interface authorization information into an interface authorization field of the target interface to form a first interface authorization field.
Optionally, the first interface authorization field may include a data queue password, and the obtaining module 410 is configured to push data generated by the configuring party to the invoking party at least when it is verified that the password sent by the invoking party matches the data queue password.
Optionally, the first interface authorization field may include an access address limit, and the obtaining module 410 is configured to push data generated by the configuring party to the calling party at least when it is verified that the IP address of the calling party is not the IP address limited within the access address limit.
Optionally, the first interface authorization field may include an upper limit of a number of calls and/or a callable period, and the obtaining module 410 is configured to, at least when it is verified that the number of calls of the caller to the target interface is smaller than the upper limit of the number of calls and/or the current call time is within the callable period, push data generated by the configurator to the caller.
Optionally, the first interface authorization field may include an authorized device identifier, and the obtaining module 410 is configured to push data generated by the configurator to the caller at least when it is verified that the device identifier of the device called by the caller is included in the authorized device identifier.
Optionally, the apparatus may further include a get fill module configured to: when the first caller secret key and the second caller secret key are verified to be consistent and the interface calling instruction represents the interface authorization, second interface authorization information input by the caller is obtained, the second interface authorization information is filled into an interface authorization field to form a second interface authorization field, then whether data generated by the caller is pushed to other callers is judged based on the second interface authorization field, and the other callers initiate interface calling instructions for representing data calling to the target interface in advance.
Optionally, the device may further comprise a receiving module and a display module,
the receiving module is used for receiving an instruction of a viewing interface or an editing interface;
a display module, configured to display an interface management interface according to the instruction, where the interface management interface displays all interfaces and an interface authorization field of each interface, and the interface authorization field of each interface includes: one or more of an interface description, access address restrictions, traffic restrictions, authorization interface, data push, database authorization, and device authorization.
At this time, the obtaining module 410 may be further configured to obtain the first interface authorization field configured for the target interface through the interface management interface.
The device provided by the embodiment of the present invention has the same implementation principle and technical effect as the first embodiment, and for the sake of brief description, reference may be made to the corresponding contents in fig. 1 to 6 in the foregoing method embodiments without reference to the device embodiment.
In addition, an embodiment of the present invention further provides an interface management system, which includes a memory, a processor, an input/output device, and a display, which are coupled to each other. A schematic diagram of which may be as shown in figure 1. A computer program is stored in the memory, and when the computer program is executed by the processor, the interface management system is enabled to execute the interface management method provided by any embodiment of the invention.
Furthermore, an embodiment of the present invention further provides a computer-readable storage medium, in which a computer program is stored, and when the computer program runs on a computer, the computer is caused to execute the interface management method provided in any one of the embodiments of the present invention.
In addition, an embodiment of the present invention further provides a computer program, where the computer program may be stored in a cloud or a local storage medium, and when the computer program runs on a computer, the computer is enabled to execute the interface management method provided in any embodiment of the present invention.
In summary, according to the interface management method, the apparatus, the system, and the computer-readable storage medium provided in the embodiments of the present invention, the interface management system first obtains an interface call instruction including a first caller key and a target interface, which is sent by a caller, and then determines whether to push data generated by a configurator to the caller based on a pre-configured first interface authorization field of the target interface when it is verified that the first caller key is consistent with a second caller key configured for the caller in advance and the interface call instruction represents data call. When the interface management system receives the interface calling instruction of the caller, the first calling key sent by the caller is verified, and whether the caller has the authority to call the data generated by the configurator through the target interface is judged through the first interface authorization field configured by the configurator to the target interface, that is, the safety of the interface data is ensured through multiple verifications.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (12)

1. An interface management method is applied to an interface management system, and the method comprises the following steps:
obtaining an interface calling instruction sent by a calling party, wherein the interface calling instruction comprises: a target interface and a first caller key;
when the first caller secret key is verified to be consistent with a second caller secret key which is configured for the caller in advance and the interface calling instruction represents data calling, whether data generated by a configurator is pushed to the caller is judged based on a first interface authorization field which is configured in advance of the target interface;
when the first caller secret key and the second caller secret key are verified to be consistent and the interface calling instruction represents interface authorization, acquiring second interface authorization information input by the caller aiming at the target interface; filling the second interface authorization information into an interface authorization field to form a second interface authorization field; and judging whether to push the data generated by the calling party to other calling parties based on the second interface authorization field, wherein the other calling parties initiate interface calling instructions for representing data calling to the target interface in advance.
2. The method of claim 1, wherein before determining whether to push the configurator-generated data to the caller based on a preconfigured first interface authorization field of the target interface, the method further comprises:
acquiring first interface authorization information input by the configurator aiming at the target interface;
and filling the first interface authorization information into an interface authorization field of the target interface to form a first interface authorization field.
3. The method of claim 2, wherein the first interface authorization field comprises a data queue password, and the determining whether to push the data generated by the configurator to the caller based on the preconfigured first interface authorization field of the target interface comprises:
and at least pushing the data generated by the configuration party to the calling party when the password sent by the calling party is verified to be matched with the password of the data queue.
4. The method of claim 2, wherein the first interface authorization field comprises an access address restriction, and wherein determining whether to push the data generated by the configurator to the caller based on the preconfigured first interface authorization field of the target interface comprises:
and pushing data generated by the configurator to the caller at least when the IP address of the caller is verified not to be the IP address limited within the access address limit.
5. The method according to claim 2, wherein the first interface authorization field includes an upper limit of the number of calls and/or a callable period, and the determining whether to push the data generated by the configurator to the caller based on the preconfigured first interface authorization field of the target interface includes:
and at least pushing data generated by the configuration party to the calling party when the calling times of the calling party to the target interface are smaller than the upper limit of the calling times and/or the current calling time is within the callable time period.
6. The method of claim 2, wherein the first interface authorization field comprises an authorized device identifier, and wherein determining whether to push the data generated by the configurator to the caller based on a preconfigured first interface authorization field of the target interface comprises:
and pushing data generated by the configurator to the caller at least when the device identification of the device called by the caller is verified to be contained in the authorized device identification.
7. The method of claim 1, wherein before obtaining the caller-initiated interface call instruction, the method further comprises:
receiving an instruction of a viewing interface or an editing interface;
according to the instruction, an interface management interface is displayed, the interface management interface displays all interfaces and interface authorization fields of each interface, and the interface authorization fields of each interface comprise: one or more of an interface description, access address restrictions, traffic restrictions, authorization interface, data push, database authorization, and device authorization;
and acquiring the first interface authorization field configured for the target interface through the interface management interface.
8. The method according to claim 7, wherein the current number of times of call of each of the interfaces is previously stored in a local database, and the interface management interface further displays the current number of times of call of each of the interfaces.
9. The method according to claim 8, wherein a calling number upper limit of each interface is pre-saved in the local database, and the interface management interface further displays a set of interfaces of which the current called number is smaller than the calling number upper limit, an interface field of each interface in the set of interfaces, and the current called number of each interface.
10. An interface management apparatus, applied to an interface management system, the apparatus comprising:
the obtaining module is used for obtaining an interface calling instruction sent by a calling party, and the interface calling instruction comprises: a target interface and a first caller key;
the pushing module is used for judging whether to push data generated by the configurator to the caller or not based on a pre-configured first interface authorization field of the target interface when the first caller secret key is verified to be consistent with a second caller secret key which is pre-configured for the caller and the interface calling instruction represents data calling;
the execution module is used for acquiring second interface authorization information input by the caller aiming at the target interface when the first caller key and the second caller key are verified to be consistent and the interface calling instruction represents interface authorization; filling the second interface authorization information into an interface authorization field to form a second interface authorization field; and judging whether to push the data generated by the calling party to other calling parties based on the second interface authorization field, wherein the other calling parties initiate interface calling instructions for representing data calling to the target interface in advance.
11. A computer-readable storage medium, in which a computer program is stored which, when run on a computer, causes the computer to carry out the method according to any one of claims 1-9.
12. An interface management system comprising a memory, a processor, an input output device, and a display coupled to each other, the memory storing a computer program that, when executed by the processor, causes the interface management system to perform the method of any of claims 1-9.
CN201810964178.6A 2018-08-22 2018-08-22 Interface management method, device, system and computer readable storage medium Active CN109246092B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810964178.6A CN109246092B (en) 2018-08-22 2018-08-22 Interface management method, device, system and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810964178.6A CN109246092B (en) 2018-08-22 2018-08-22 Interface management method, device, system and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN109246092A CN109246092A (en) 2019-01-18
CN109246092B true CN109246092B (en) 2021-08-10

Family

ID=65068645

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810964178.6A Active CN109246092B (en) 2018-08-22 2018-08-22 Interface management method, device, system and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN109246092B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109977697A (en) * 2019-04-03 2019-07-05 陕西医链区块链集团有限公司 A kind of data grant method of block chain
CN112395568A (en) * 2019-08-14 2021-02-23 北京京东尚科信息技术有限公司 Interface authority configuration method, device, equipment and storage medium
CN111083541B (en) * 2019-12-30 2022-10-04 深圳Tcl数字技术有限公司 Interface calling method and device, smart television and readable storage medium
CN111324906A (en) * 2020-02-17 2020-06-23 中国建设银行股份有限公司 Automatic access method and device based on data interface and electronic equipment
CN111324476A (en) * 2020-02-20 2020-06-23 Oppo广东移动通信有限公司 Interface calling method and device, electronic equipment and storage medium
CN113836497A (en) * 2020-06-24 2021-12-24 武汉杰开科技有限公司 Program running method, integrated circuit chip and related device
CN112104671B (en) * 2020-11-12 2021-03-02 深圳壹账通智能科技有限公司 Interface authorization monitoring method and device, computer equipment and storage medium
CN114051058B (en) * 2021-09-27 2024-03-26 北京旷视科技有限公司 Interface calling method, platform, electronic equipment and computer storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701761A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Authentication method for invoking open interface and system
CN106302346A (en) * 2015-05-27 2017-01-04 阿里巴巴集团控股有限公司 The safety certifying method of API Calls, device, system
CN107070782A (en) * 2017-05-02 2017-08-18 山东浪潮通软信息科技有限公司 A kind of Interface integration method, server and the system expansible based on message queue
CN107135073A (en) * 2016-02-26 2017-09-05 北京京东尚科信息技术有限公司 Interface interchange method and apparatus
CN107194272A (en) * 2017-04-18 2017-09-22 北京潘达互娱科技有限公司 Database-access rights application method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9325699B2 (en) * 2013-03-15 2016-04-26 Vonage America Inc. Method for apparatus for routing application programming interface (API) calls
CN105634743B (en) * 2015-12-30 2019-10-25 中国银联股份有限公司 The authentication method called for open interface

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701761A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Authentication method for invoking open interface and system
CN106302346A (en) * 2015-05-27 2017-01-04 阿里巴巴集团控股有限公司 The safety certifying method of API Calls, device, system
CN107135073A (en) * 2016-02-26 2017-09-05 北京京东尚科信息技术有限公司 Interface interchange method and apparatus
CN107194272A (en) * 2017-04-18 2017-09-22 北京潘达互娱科技有限公司 Database-access rights application method and device
CN107070782A (en) * 2017-05-02 2017-08-18 山东浪潮通软信息科技有限公司 A kind of Interface integration method, server and the system expansible based on message queue

Also Published As

Publication number Publication date
CN109246092A (en) 2019-01-18

Similar Documents

Publication Publication Date Title
CN109246092B (en) Interface management method, device, system and computer readable storage medium
US11196732B2 (en) Single sign-on registration
US10169564B2 (en) Variable image presentation for authenticating a user
US9450955B2 (en) Authenticator for user state management
US10419485B2 (en) Picture/gesture password protection
US10673846B2 (en) Pressure-based authentication
US20170093841A1 (en) Cognitive password entry system
EP3352066A1 (en) Method and apparatus for displaying function interface
CN107402766B (en) Page layout management method and device
US8522323B1 (en) System and method for obtaining identities
US20220337668A1 (en) Systems and methods for real-time repository management for universal service deployment
US9390239B2 (en) Software system template protection
US11277410B2 (en) Systems and methods for integrating systems over untrusted networks
CN113852621B (en) License information determining method and device based on Jenkins server and storage medium
US9824113B2 (en) Selective content storage with device synchronization
CN110781142B (en) Data import method and device, server and storage medium
CN107578297B (en) Member information aggregation method and device
CN114579949A (en) Data access method and device and electronic equipment
EP3427173B1 (en) Passcodes for computing devices
US11240229B2 (en) Systems and methods for integrating systems over untrusted networks
US10885163B2 (en) Authentication without inputting passwords
US20210306316A1 (en) Systems and methods for integrating systems over untrusted networks
JP6379679B2 (en) Processing program, information processing apparatus, and information processing method
CN117251868A (en) Construction engineering cost information management method and device
CN114139139A (en) Authority management and control method and device for service and application and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant