CN111756544A - Interface calling validity checking method and device - Google Patents

Interface calling validity checking method and device Download PDF

Info

Publication number
CN111756544A
Authority
CN
China
Prior art keywords
signature
field
request
data
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010391727.2A
Other languages
Chinese (zh)
Inventor
汤赞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Mininglamp Software System Co ltd
Original Assignee
Beijing Mininglamp Software System Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Mininglamp Software System Co ltd
Priority to CN202010391727.2A
Publication of CN111756544A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/133 Protocols for remote procedure calls [RPC]

Abstract

The invention discloses a method for verifying interface calling legality, which comprises the following steps of intercepting an interface calling request; acquiring a corresponding field value from the interface calling request according to at least one preset signature field; splicing the field values corresponding to all the acquired preset signature fields according to a preset format to obtain data to be verified; according to the signature data in the interface calling request, performing signature verification on the data to be verified; and if the verification is passed, allowing the interface calling request to be executed. The invention also discloses an interface calling validity checking device, a computer storage medium and an electronic device.

Description

Interface calling validity checking method and device
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for verifying interface call validity, a storage medium, and an electronic apparatus.
Background
It is a very common practice in current computer application development to invoke a third-party interface to obtain various data or services. For an interface (service) provider, the security of the interface data is a problem that must be considered when providing an interface service to a third party. For example, if data may be tampered with, how does the recipient know whether the transmitted data has been tampered with? In the prior art, the common practice is to sign the transmitted data. Applied to interface (service) calling, the related technology requires the interface caller to sign the whole request data and the service provider to verify the signature.
As interface (service) offerings are split into ever smaller services, a business application involves a large number of interfaces (services). At the same time, because of the openness and wide use of the interfaces, an accidental leak of the signing key can interrupt or suspend the interface (service), and how to quickly restore secure access to the interface becomes a problem that the interface (service) calling field has to face.
Disclosure of Invention
In order to solve the technical problem, the invention provides a method, a device, a storage medium and an electronic device for verifying the legality of interface calling, which can quickly restore secure access to an interface, prevent the interface data from being tampered with and ensure the security of the interface data.
The embodiment of the invention provides an interface calling validity checking method, which comprises the following steps,
intercepting an interface calling request;
acquiring a corresponding field value from the interface calling request according to at least one preset signature field;
splicing the field values corresponding to all the acquired preset signature fields according to a preset format to obtain data to be verified;
according to the signature data in the interface calling request, performing signature verification on the data to be verified;
and if the verification is passed, allowing the interface calling request to be executed.
The embodiment of the invention also discloses an interface calling validity checking device, which comprises,
the request interception module is set to intercept an interface calling request;
the signature field acquisition module is set to acquire a corresponding field value from the interface calling request according to at least one preset signature field;
the verification module is used for splicing the field values corresponding to all the acquired preset signature fields according to a preset format to obtain data to be verified; according to the signature data in the interface calling request, performing signature verification on the data to be verified; and if the verification is passed, allowing the interface calling request to be executed.
The embodiment of the invention also provides a computer storage medium, wherein a computer program is stored in the computer storage medium, and the computer program is set to execute any one of the above interface calling validity checking methods when running.
An embodiment of the present invention further provides an electronic apparatus, which includes a memory and a processor, and is characterized in that the memory stores a computer program, and the processor is configured to run the computer program to execute any one of the above interface call validity check methods.
According to the configurable field-to-be-signed scheme provided by the invention, the legality checking requirement can be changed flexibly by changing the configured signature fields; when the signing key is leaked, the configuration of the fields to be signed is changed, so that secure access to the interface is quickly restored, the interface data is prevented from being tampered with and the security of the interface data is ensured.
Drawings
Fig. 1 is a flowchart illustrating an interface invoking validity checking method according to an embodiment;
fig. 2 is a flowchart of an interface call validity checking method according to the second embodiment;
FIG. 3 is a diagram illustrating interface call request data according to a second embodiment;
fig. 4 is a structural diagram of an interface calling validity checking apparatus according to the third embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
Example one
The embodiment provides a method for checking validity of interface call, whose flow is shown in fig. 1, including,
step 101, intercepting an interface calling request;
102, acquiring a corresponding field value from the interface calling request according to at least one preset signature field;
103, splicing the field values corresponding to all the acquired preset signature fields according to a preset format to obtain data to be verified;
104, according to the signature data in the interface calling request, performing signature verification on the data to be verified; and if the verification is passed, allowing the interface calling request to be executed.
Optionally, the interface call request is an HTTP (HyperText Transfer Protocol) request;
the acquiring, according to at least one preset signature field, a corresponding field value from the interface call request includes:
respectively acquiring corresponding field values from the message structure of the HTTP request according to the preset parameter type of each signature field;
the parameter type includes one of: a request Header, a request parameter Query, a request Path and a request Body.
Optionally, intercepting the interface call request in step 101 includes: and intercepting the interface call request through a filter to obtain HTTP request data.
Optionally, when the parameter type of the signature field is Query, acquiring a field value corresponding to the signature field includes: taking the signature field as a key word, and taking out a corresponding field value from Query data in the HTTP request message;
when the parameter type of the signature field is Header, obtaining a field value corresponding to the signature field, including: taking the signature field as a key word, and taking out a corresponding field value from Header data in the HTTP request message;
when the parameter type of the signature field is Path, acquiring a field value corresponding to the signature field, including: performing regular matching according to a pre-configured general interface address of the interface and an actual request address of the HTTP request, and acquiring a field value corresponding to the signature field;
when the parameter type of the signature field is Body, obtaining a field value corresponding to the signature field includes: deserializing the JSON (JavaScript Object Notation) string corresponding to the Body data of the HTTP request into a map structure, traversing the map structure, and acquiring the field value corresponding to the signature field.
Optionally, in step 103, splicing the field values corresponding to all the obtained preset signature fields according to a predetermined format to obtain data to be verified, where the step includes:
sequentially splicing all the acquired preset signature fields and the field values corresponding to the signature fields according to a first preset format to obtain data to be verified;
or sequentially splicing the field values corresponding to all the acquired preset signature fields according to a second preset format to obtain the data to be verified.
Optionally, in step 104, performing signature verification on the data to be verified according to the signature data in the interface call request, including:
calculating the hash value of the data to be verified by adopting a hash algorithm, judging whether the calculated hash value is consistent with the signature data in the interface calling request or not, and if so, successfully verifying the signature; if not, the signature verification fails.
Optionally, signing the data to be verified by adopting other algorithms, comparing the signed result with the signed data in the interface calling request, and if the signed result is consistent with the signed data in the interface calling request, successfully verifying the signature; if not, the signature verification fails.
Optionally, the interface call request may be an interface request in another form and is not limited to the HTTP request manner; the interface provider and the interface caller adopt an interface calling mode agreed between them.
Optionally, after reconfiguring the at least one signature field, the step 102 obtains a corresponding field value according to the reconfigured signature field;
It can be seen that if the signing key is compromised, the interface provider changes the configuration of the required signature fields. With the signing key unchanged and the basic interface calling mode unchanged, a legitimate caller signs its data according to the new signature-field requirement before sending the interface call request, passes signature verification and is served; an illegitimate caller (who knows the leaked signing key) still signs according to the old signature fields when making the interface call, so its signature fails verification and service is refused. By flexibly configuring the signature fields, the impact of a leaked signing key on the normal operation of the interface (service) is greatly reduced: by changing the fields to be signed, without changing the key or the interface calling mode, illegal calls are quickly identified and normal interface calling service continues to be provided to legitimate users.
The interface caller actively obtains the updated required signature fields from the interface provider through an interface for obtaining the required signature fields; or the interface provider notifies the interface caller of the updated required signature fields in an agreed manner; neither the specific interface nor the manner of notification is limited.
Example two
The embodiment of the invention takes HTTP interface calling as an example, and provides an interface calling validity checking method, the flow of which is shown in figure 2 and comprises the following steps:
step 201, intercepting an HTTP request for calling an interface API service by a filter, and acquiring transmitted data from the HTTP request. The basic data structure of the HTTP request is divided into: four types of Header, Query, Path and Body represent data of four different positions.
Step 202, according to the pre-configured signature fields that need to be signed, obtaining the field values corresponding to all the signature fields from the HTTP request.
And step 203, splicing the field values corresponding to all the acquired preset signature fields according to a preset format to obtain data to be verified.
Step 204, according to the signature data in the HTTP request, performing signature verification on the data to be verified;
step 205, if the verification is passed, allowing the interface calling request to be executed;
and step 206, if the verification fails, refusing to execute the interface calling request.
Optionally, the pre-configured signature field that needs to be signed is stored in table 1;
Table 1 signature fields table (shown as an image on the original page; not reproduced here)
Alternatively, without limitation to configuring the fields to be signed in the form of table 1 above, one skilled in the art may save the configuration results in a configuration file or other form.
For example, example 1, the get-application-information interface: /api-admin/apis/info
Example 2, the get-signature-field interface: /{api_id}/{api_fields}
For the interface in example 1, the preconfigured signature field is shown in Table 2
Table 2 example 1 preconfigured signature fields (shown as an image on the original page; not reproduced here)
For the interface in example 2, the preconfigured signature field is shown in Table 3
Table 3 example 2 preconfigured signature field

Id | Field_name | Api_id | Type
-- | ---------- | ------ | ----
5  | api_id     | 456    | Path
The core of step 202 is to convert the acquired request data into a set of key-value pairs and then obtain the field data (field values) of the specified signature fields according to the pre-configured signature fields; if the data has a nested hierarchical structure, the key is represented as a dotted chain, for example user.name for the user name and apiinfo.name for the application name.
The set of key-value pairs is traversed to obtain the field value corresponding to each specified signature field, and the signature data of Header, Query, Path and Body is taken out according to the type. Header and Query are the simplest: the entry whose key equals field_name is taken out of the Query data or the Header data of the request.
For Body data, the JSON string of the Body is deserialized into a map structure, the map is traversed recursively to reach data in the nested hierarchy, and the entry whose key is field_name is taken out.
For example, according to the configuration of Table 2 for example 1, the signature fields that require signing are is_sign, apiinfo.id, apiinfo.name and app_key; for the HTTP request shown in fig. 3, the corresponding field values obtained are 1, 123123123, aaaa and webapp.
According to the configuration of Table 3 for example 2, the signature field that requires signing is api_id. Table 3 only illustrates how a signature field with parameter type Path is configured and does not represent the specific steps of the service flow in a specific embodiment of the invention.
For example, when the interface shown in example 2 is called, the field value corresponding to the Path-type signature field api_id must be obtained from the interface call request: the pre-configured interface address, such as /api/signaturefield/{api_id}, is matched by regular expression against the actual address of the HTTP request, such as /api/signaturefield/123, yielding api_id=123; the entry whose key is field_name is then taken out, i.e. the field value of the Path-type signature field api_id is 123.
Optionally, in step 203, splicing the field values corresponding to all the obtained preset signature fields according to a predetermined format to obtain data to be verified, where the step includes:
sequentially splicing all the acquired preset signature fields and the field values corresponding to the signature fields according to a first preset format to obtain data to be verified;
or sequentially splicing the field values corresponding to all the acquired preset signature fields according to a second preset format to obtain the data to be verified.
For example, the first predetermined format is: splice each field as KEY=VALUE and join the fields with the & symbol to obtain a string; the data to be verified of example 1 is then: is_sign=1&apiinfo.id=123123123&apiinfo.name=aaaa&app_key=webapp;
Alternatively, the first predetermined format is: join all KEY fields with &, join all VALUE fields with &, and connect the two parts with =, so that the data to be verified of example 1 is: is_sign&apiinfo.id&apiinfo.name&app_key=1&123123123&aaaa&webapp; the separator and connector symbols may be other characters, and the first predetermined format is not limited to the exemplary forms of this embodiment.
For example, the second predetermined format is: join the VALUE fields with & to obtain a string, so that the data to be verified of example 1 is: 1&123123123&aaaa&webapp; the separator symbol may be another character, and the second predetermined format is not limited to the exemplary form of this embodiment.
The data to be verified of example 2 is computed in the same way as illustrated above for example 1 and is not limited to the specific formats described.
In step 204, the performing signature verification on the data to be verified according to the signature data in the HTTP request includes:
calculating the hash value of the data to be verified by adopting a hash algorithm, judging whether the calculated hash value is consistent with the signature data in the HTTP request, and if so, successfully verifying the signature; if not, the signature verification fails.
Optionally, an HMAC computation with SHA-256 is performed on the data to be verified obtained in step 203 to obtain the signature result data server_signature = HMAC_SHA_256(signature_str, app_secret),
where signature_str is the data to be verified and app_secret is the signing key.
The signature result data server_signature is compared with the signature field value extracted from a Header of the HTTP request; if the two are identical, signature verification succeeds; if not, signature verification fails.
Other algorithms may be used to sign the data to be verified, as negotiated with the interface caller; the algorithm is not limited to the HMAC-SHA256 exemplified in this embodiment of the invention.
It can be seen that if the signing key is compromised, the interface provider changes the configuration of the required signature fields. With the signing key unchanged and the basic interface calling mode unchanged, a legitimate caller signs its data according to the new signature-field requirement before sending the interface call request, passes signature verification and is served; an illegitimate caller (who knows the leaked signing key) still signs according to the old signature fields when making the interface call, so its signature fails verification and service is refused. By flexibly configuring the signature fields, the impact of a leaked signing key on the normal operation of the interface (service) is greatly reduced: by changing the fields to be signed, without changing the key or the interface calling mode, illegal calls are quickly identified and normal interface calling service continues to be provided to legitimate users.
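The signing and verification flow of steps 201 to 206 above (field extraction from Header, Query, Path and Body in step 202, the KEY=VALUE&... and VALUE&... formats of step 203, the HMAC-SHA256 check of step 204) and the recovery by reconfiguring the signature fields after a key leak, as an added worked example in Python. This is not code from the patent or its assignee. It assumes a header named X-Signature carries the signature (the patent does not name the header), that the Table 2 fields have the types Query (is_sign), Body (apiinfo.id, apiinfo.name) and Header (app_key), that the reconfigured field set after the leak is app_key and apiinfo.id, and that the request of fig. 3 looks like the constructed sample below; none of these details are stated on the page.

```python
import hashlib
import hmac
import json
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlparse

SIGNATURE_HEADER = "X-Signature"  # assumed header name; the patent does not name the header

@dataclass(frozen=True)
class SignatureField:
    """One row of the signature-field table: Field_name and its Type."""
    name: str  # Header/Query/Path key, or a dotted chain into the JSON Body, e.g. "apiinfo.name"
    kind: str  # "Header", "Query", "Path" or "Body"

@dataclass
class HttpRequest:
    url: str                    # request path plus query string
    headers: Dict[str, str]
    body: Optional[str] = None  # JSON text, or None

def _compile_template(template: str):
    """Turn "/api/signaturefield/{api_id}" into a regex with one named group per placeholder."""
    parts = re.split(r"\{(\w+)\}", template)  # alternates: literal, placeholder name, literal, ...
    regex = "".join(re.escape(p) if i % 2 == 0 else f"(?P<{p}>[^/]+)" for i, p in enumerate(parts))
    return re.compile("^" + regex + "$")

def _lookup_chain(data, chain: str):
    """Walk a dotted key chain ("apiinfo.name") through the deserialized Body map; None if absent."""
    for part in chain.split("."):
        data = data.get(part) if isinstance(data, dict) else None
    return data

def extract_field_values(req: HttpRequest, fields: List[SignatureField],
                         path_template: str) -> List[Optional[str]]:
    """Step 202: take each configured field out of Header, Query, Path or Body; None if absent."""
    parsed = urlparse(req.url)
    query = {k: v[0] for k, v in parse_qs(parsed.query, keep_blank_values=True).items()}
    headers = {k.lower(): v for k, v in req.headers.items()}  # header names are case-insensitive
    match = _compile_template(path_template).match(parsed.path)
    path_vals = match.groupdict() if match else {}
    body = json.loads(req.body) if req.body else {}
    sources = {"Header": lambda n: headers.get(n.lower()), "Query": query.get,
               "Path": path_vals.get, "Body": lambda n: _lookup_chain(body, n)}
    values: List[Optional[str]] = []
    for f in fields:
        v = sources[f.kind](f.name)  # KeyError for an unknown parameter type
        values.append(None if v is None else str(v))
    return values

def canonical_string(fields, values, key_value_form: bool = True) -> str:
    """Step 203: first format KEY=VALUE&KEY=VALUE..., or second format VALUE&VALUE..."""
    if key_value_form:
        return "&".join(f"{f.name}={v}" for f, v in zip(fields, values))
    return "&".join(values)

def compute_signature(signature_str: str, app_secret: bytes) -> str:
    """server_signature = HMAC_SHA_256(signature_str, app_secret), hex-encoded."""
    return hmac.new(app_secret, signature_str.encode("utf-8"), hashlib.sha256).hexdigest()

def sign_request(req, fields, path_template, app_secret) -> HttpRequest:
    """Caller side: sign the currently required fields and attach the result as a header."""
    values = extract_field_values(req, fields, path_template)
    if any(v is None for v in values):
        raise ValueError("request lacks a field the provider requires to be signed")
    req.headers[SIGNATURE_HEADER] = compute_signature(canonical_string(fields, values), app_secret)
    return req

def verify_request(req, fields, path_template, app_secret) -> bool:
    """Provider side (step 204): recompute over the configured fields and compare in constant time."""
    presented = req.headers.get(SIGNATURE_HEADER)
    values = extract_field_values(req, fields, path_template)
    if presented is None or any(v is None for v in values):
        return False  # missing signature or missing signed field: refuse rather than guess
    expected = compute_signature(canonical_string(fields, values), app_secret)
    return hmac.compare_digest(expected.encode(), presented.encode())

# Constructed sample data: the example 1 request as the text quotes it, with assumed field types.
INFO_TEMPLATE = "/api-admin/apis/info"
OLD_FIELDS = [SignatureField("is_sign", "Query"), SignatureField("apiinfo.id", "Body"),
              SignatureField("apiinfo.name", "Body"), SignatureField("app_key", "Header")]
NEW_FIELDS = [SignatureField("app_key", "Header"), SignatureField("apiinfo.id", "Body")]  # after the leak
APP_SECRET = b"example-app-secret"  # constructed; in practice obtained via /api/apps/{app_key}

def sample_request() -> HttpRequest:
    return HttpRequest("/api-admin/apis/info?is_sign=1", {"app_key": "webapp"},
                       json.dumps({"apiinfo": {"id": 123123123, "name": "aaaa"}}))

def rotation_demo() -> Dict[str, bool]:
    """Same leaked key: a signature over OLD_FIELDS stops verifying once the provider checks NEW_FIELDS."""
    stale = sign_request(sample_request(), OLD_FIELDS, INFO_TEMPLATE, APP_SECRET)
    fresh = sign_request(sample_request(), NEW_FIELDS, INFO_TEMPLATE, APP_SECRET)
    return {"stale_signature_accepted": verify_request(stale, NEW_FIELDS, INFO_TEMPLATE, APP_SECRET),
            "fresh_signature_accepted": verify_request(fresh, NEW_FIELDS, INFO_TEMPLATE, APP_SECRET)}

if __name__ == "__main__":
    print(rotation_demo())
```

Running the module prints {'stale_signature_accepted': False, 'fresh_signature_accepted': True}: with the same secret, a signature computed over the old field list no longer verifies once the provider checks the new list, which is the recovery mechanism the paragraph above describes. Two points the patent text leaves implicit are made explicit here: the comparison uses hmac.compare_digest rather than == so that the check does not leak the expected value through timing, and the example uses the keyed HMAC of step 204 rather than the unkeyed hash offered as an option in step 104, because anyone can recompute an unkeyed hash over a modified request, so it detects corruption but not deliberate tampering. Note also that the join formats quoted above do not escape & or = inside values, so two different requests can canonicalize to the same string when a value contains those characters; production code should percent-encode each value before joining.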
Optionally, the interface provider further provides an interface for obtaining the signing key, and the interface caller calls that interface in advance to obtain the signing key; alternatively, the interface caller may obtain the signing key in advance through a file or other means, and the specific form is not limited to the example in this embodiment.
For example, the interface provider provides an interface for obtaining the signing key: /api/apps/{app_key}, where app_key is the unique identifier the interface provider distributes to each application that needs access to the interface.
Optionally, the interface provider further provides an interface for acquiring a field to be signed of the interface, and the interface caller calls the interface to acquire the signature field to be signed of the application; alternatively, the interface caller may also know the signature field needing to be signed by a file or other means, and the specific form is not limited to the example in this embodiment. After the interface provider updates the configuration of the signature field needing to be verified, the interface caller acquires new configuration information by adopting the interface or a related scheme.
For example, the interface /api/signatureFields/{api_id} is provided for obtaining the signature fields an interface (API) needs to sign, where api_id is the unique identifier of the API.
Example three
The embodiment of the present invention provides an interface call validity checking apparatus 40, as shown in fig. 4, including a request intercepting module 401 configured to intercept an interface call request;
a signature field obtaining module 402 configured to obtain a corresponding field value from the interface call request according to at least one preset signature field;
the verification module 403 is configured to splice field values corresponding to all the obtained preset signature fields according to a predetermined format to obtain data to be verified; according to the signature data in the interface calling request, performing signature verification on the data to be verified; and if the verification is passed, allowing the interface calling request to be executed.
Optionally, the interface call request is an HTTP request;
the signature field obtaining module 402 obtains a corresponding field value from the interface call request according to at least one preset signature field, including:
respectively acquiring corresponding field values from the message structure of the HTTP request according to the preset parameter type of each signature field;
the parameter type includes one of: a request Header, a request parameter Query, a request Path and a request Body.
Optionally, the request intercepting module 401 intercepts an interface call request, including: and intercepting the interface call request through a filter to obtain HTTP request data.
Optionally, when the parameter type of the signature field is Query, the signature field obtaining module 402 obtains a field value corresponding to the signature field, including: taking the signature field as a key word, and taking out a corresponding field value from Query data in the HTTP request message;
when the parameter type of the signature field is Header, the signature field obtaining module 402 obtains a field value corresponding to the signature field, including: taking the signature field as a key word, and taking out a corresponding field value from Header data in the HTTP request message;
when the parameter type of the signature field is Path, the signature field obtaining module 402 obtains a field value corresponding to the signature field, including: performing regular matching according to a pre-configured general interface address of the interface and an actual request address of the HTTP request, and acquiring a field value corresponding to the signature field;
when the parameter type of the signature field is Body, the signature field obtaining module 402 obtains a field value corresponding to the signature field, including: deserializing the JSON string corresponding to the Body data of the HTTP request into a map structure, traversing the map structure, and acquiring the field value corresponding to the signature field.
Optionally, the splicing, by the checking module 403, according to a predetermined format, the obtained field values corresponding to all the preset signature fields to obtain data to be verified, where the obtaining includes:
sequentially splicing all the acquired preset signature fields and the field values corresponding to the signature fields according to a first preset format to obtain data to be verified;
or sequentially splicing the field values corresponding to all the acquired preset signature fields according to a second preset format to obtain the data to be verified.
Optionally, the signature verification of the data to be verified in the verification module 403 according to the signature data in the interface call request includes:
calculating the hash value of the data to be verified by adopting a hash algorithm, judging whether the calculated hash value is consistent with the signature data in the interface calling request or not, and if so, successfully verifying the signature; if not, the signature verification fails.
Optionally, signing the data to be verified by adopting other algorithms, comparing the signed result with the signed data in the interface calling request, and if the signed result is consistent with the signed data in the interface calling request, successfully verifying the signature; if not, the signature verification fails.
An embodiment of the present invention provides a storage medium, where a computer program is stored in the storage medium, the computer program being configured to execute any one of the above interface call validity checking methods when running.
An embodiment of the present invention further provides an electronic apparatus, including a memory and a processor, where the memory stores a computer program and the processor is configured to run the computer program to execute any one of the above interface call validity checking methods.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.

Claims (10)

1. An interface call validity checking method includes,
intercepting an interface calling request;
acquiring a corresponding field value from the interface calling request according to at least one preset signature field;
splicing the field values corresponding to all the acquired preset signature fields according to a preset format to obtain data to be verified;
according to the signature data in the interface calling request, performing signature verification on the data to be verified;
and if the verification is passed, allowing the interface calling request to be executed.
2. The method of claim 1, wherein,
the interface calling request is an HTTP request;
the acquiring, according to at least one preset signature field, a corresponding field value from the interface call request includes:
respectively acquiring corresponding field values from the message structure of the HTTP request according to the preset parameter type of each signature field;
the parameter type includes one of: a request Header, a request parameter Query, a request Path and a request Body.
3. The method of claim 2, wherein,
the intercepting an interface calling request includes: intercepting the interface calling request through a filter to obtain HTTP request data.
4. The method of claim 2, wherein,
when the parameter type of the signature field is Query, acquiring the field value corresponding to the signature field includes: using the signature field as the key, taking the corresponding field value out of the Query data of the HTTP request message;
when the parameter type of the signature field is Header, acquiring the field value corresponding to the signature field includes: using the signature field as the key, taking the corresponding field value out of the Header data of the HTTP request message;
when the parameter type of the signature field is Path, acquiring the field value corresponding to the signature field includes: performing regular-expression matching between the pre-configured general interface address of the interface and the actual request address of the HTTP request, and acquiring the field value corresponding to the signature field;
when the parameter type of the signature field is Body, acquiring the field value corresponding to the signature field includes: parsing the JSON string of the Body data of the HTTP request into a map structure, traversing the map structure, and acquiring the field value corresponding to the signature field.
5. The method according to any one of claims 1 to 4,
the splicing the field values corresponding to all the obtained preset signature fields according to the preset format to obtain the data to be verified comprises the following steps:
sequentially splicing all the acquired preset signature fields and the field values corresponding to the signature fields according to a first preset format to obtain data to be verified;
or sequentially splicing the field values corresponding to all the acquired preset signature fields according to a second preset format to obtain the data to be verified.
6. The method according to any one of claims 1 to 4,
the signature verification of the data to be verified according to the signature data in the interface calling request comprises the following steps:
calculating a hash value of the data to be verified using a hash algorithm, and judging whether the calculated hash value is consistent with the signature data in the interface calling request; if so, the signature verification succeeds; if not, the signature verification fails.
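Claims 1 to 6 describe one procedure: intercept the request, fetch each preset signature field from the request part its parameter type names, splice the values in the first or second preset format, and compare a hash of the result with the signature data carried in the request. The Python below is an added example written for this page, not code from the patent or its applicant; the signature field list, the generic interface address, the `X-Signature` header, the shared secret and the choice of HMAC-SHA256 are all assumptions, since the claims specify only "a hash algorithm".

```python
import hashlib, hmac, json, re
from urllib.parse import parse_qs, urlparse
# Constructed configuration, not from the patent: signature fields with their
# parameter type, the generic interface address, and a shared secret (the patent
# names only "a hash algorithm"; HMAC-SHA256 over the spliced data is assumed).
SIGNATURE_FIELDS = [("X-App-Id", "Header"), ("ts", "Query"), ("userId", "Path"), ("amount", "Body")]
INTERFACE_PATTERN = "/api/users/{userId}/orders"
SHARED_SECRET = b"demo-shared-secret"

def path_values(pattern, actual):
    # Regex-match the actual request address against the generic interface address
    regex = "^" + re.sub(r"\{(\w+)\}", r"(?P<\1>[^/]+)", pattern) + "$"
    m = re.match(regex, actual)
    return m.groupdict() if m else {}

def collect_field_values(request, fields):
    # Fetch each preset signature field from the request part its parameter type names
    url = urlparse(request["url"])
    sources = {"Header": {k.lower(): v for k, v in request["headers"].items()},
               "Query": {k: v[0] for k, v in parse_qs(url.query).items()},
               "Path": path_values(INTERFACE_PATTERN, url.path),
               "Body": json.loads(request["body"]) if request.get("body") else {}}
    values = []
    for name, ptype in fields:
        value = sources[ptype].get(name.lower() if ptype == "Header" else name)
        if value is None:  # a missing signature field must fail the check
            raise ValueError(f"missing signature field {name} ({ptype})")
        values.append((name, str(value)))
    return values

def data_to_verify(values, with_names=True):
    # First preset format: name=value pairs joined by '&'; second: values only
    return "&".join(f"{n}={v}" for n, v in values) if with_names else "".join(v for _, v in values)

def compute_signature(data):
    return hmac.new(SHARED_SECRET, data.encode(), hashlib.sha256).hexdigest()

def check_request(request, with_names=True):
    # Filter-side check: rebuild the data, recompute, compare in constant time
    try:
        values = collect_field_values(request, SIGNATURE_FIELDS)
    except ValueError:
        return False
    expected = compute_signature(data_to_verify(values, with_names))
    return hmac.compare_digest(expected, request["headers"].get("X-Signature", ""))

SAMPLE = {"url": "https://api.example.test/api/users/42/orders?ts=1589155200",  # constructed
          "headers": {"X-App-Id": "demo-app"},
          "body": '{"amount": 100, "note": "unsigned field"}'}
SAMPLE["headers"]["X-Signature"] = compute_signature("X-App-Id=demo-app&ts=1589155200&userId=42&amount=100")
```

Only the fields in `SIGNATURE_FIELDS` are covered: changing the body's `note` leaves the check passing, so anything that must be tamper-evident has to be in the preset list.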
7. An interface calling validity checking device is characterized by comprising,
the request interception module is set to intercept an interface calling request;
the signature field acquisition module is set to acquire a corresponding field value from the interface calling request according to at least one preset signature field;
the verification module is set to splice the field values corresponding to all the acquired preset signature fields according to a preset format to obtain data to be verified; perform signature verification on the data to be verified according to the signature data in the interface calling request; and if the verification is passed, allow the interface calling request to be executed.
8. The apparatus of claim 7,
the interface calling request is an HTTP request;
the signature field acquisition module acquiring a corresponding field value from the interface calling request according to at least one preset signature field includes:
respectively acquiring corresponding field values from the message structure of the HTTP request according to the preset parameter type of each signature field;
the parameter type includes one of: a request Header, a request parameter Query, a request Path and a request Body.
9. A computer storage medium, in which a computer program is stored, wherein the computer program is arranged to perform the method of any of claims 1 to 6 when executed.
10. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, and wherein the processor is arranged to execute the computer program to perform the method of any of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010391727.2A CN111756544A (en) 2020-05-11 2020-05-11 Interface calling validity checking method and device

Publications (1)

Publication Number Publication Date
CN111756544A (en) 2020-10-09

Family

ID=72673772

Country Status (1)

Country Link
CN (1) CN111756544A (en)
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination