CN113923251A - Distributed gateway system - Google Patents
Distributed gateway system Download PDFInfo
- Publication number
- CN113923251A CN113923251A CN202111098276.4A CN202111098276A CN113923251A CN 113923251 A CN113923251 A CN 113923251A CN 202111098276 A CN202111098276 A CN 202111098276A CN 113923251 A CN113923251 A CN 113923251A
- Authority
- CN
- China
- Prior art keywords
- configuration information
- service
- api
- unit
- api service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000007246 mechanism Effects 0.000 claims abstract description 21
- 238000006243 chemical reaction Methods 0.000 claims abstract description 13
- 238000012544 monitoring process Methods 0.000 claims abstract description 11
- 230000004931 aggregating effect Effects 0.000 claims abstract description 10
- 230000008859 change Effects 0.000 claims abstract description 8
- 230000002776 aggregation Effects 0.000 claims description 19
- 238000004220 aggregation Methods 0.000 claims description 19
- 238000000034 method Methods 0.000 claims description 19
- 230000008569 process Effects 0.000 claims description 12
- 238000012545 processing Methods 0.000 claims description 11
- 238000007726 management method Methods 0.000 claims 4
- 238000012795 verification Methods 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 11
- 238000013461 design Methods 0.000 description 5
- 238000011161 development Methods 0.000 description 5
- 230000018109 developmental process Effects 0.000 description 5
- 230000001360 synchronised effect Effects 0.000 description 3
- 239000008186 active pharmaceutical agent Substances 0.000 description 2
- 238000003032 molecular docking Methods 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000015556 catabolic process Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000011218 segmentation Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/08—Protocols for interworking; Protocol conversion
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the technical field of distributed gateways, and discloses a distributed gateway system, which comprises a management module, a service module and a service module, wherein the management module is used for providing a uniform API service publishing flow for a publisher and an API service subscribing flow for a subscriber and also is used for managing configuration information of the API service; the registration module is used for monitoring the change of the API service configuration information to acquire the updating configuration information and providing pushing and active pulling services of the updating configuration information for a subscriber so that the API service configuration information of a mechanism gateway system corresponding to the subscriber and the updating configuration information keep real-time synchronization; and the universal gateway module is used for providing an entrance of standard HTTP service, performing protocol conversion and forwarding on the received server request, and aggregating the API services of different publishers so as to realize mutual calling of the API services of all publishers. The distributed gateway system is convenient for different users to realize unified management on the API, and solves the problems that the existing API service protocol is complicated to realize and difficult to aggregate services.
Description
Technical Field
The invention relates to the technical field of distributed gateways, in particular to a distributed gateway system.
Background
With the deep development of the open API (Application Programming Interface) service, large and medium financial institutions have developed open banks. The interface protocol, the implementation logic, the implementation mode and the like of the API gateway system have larger difference among different mechanisms. With the rapid development of an open scene, the same scene needs to be cooperatively called by APIs among multiple organizations to meet the functional requirements of a user scene, for example, a unified asset view scene of a user, and a client needs to subscribe the APIs of the organizations on multiple organization platforms respectively. Because the API service management flow, the API docking mode, the interface protocol and the like are inconsistent among all mechanisms, the flow of managing the API service by a client becomes complex, the maintenance is difficult, the development difficulty of docking and adapting to different protocols is increased, and the like; therefore, in a scenario of API service aggregation among multiple mechanisms, the existing API service form cannot efficiently meet the needs of clients. A new API service construction method is needed to unify API service protocols, API service management, and the like to meet new requirements of customers in a new scenario.
Disclosure of Invention
Based on this, it is necessary to provide a distributed gateway system for solving the problem that the existing API service form cannot meet the requirements of clients in the scenario of API service aggregation among multiple mechanisms.
A distributed gateway system comprises a management module, a service module and a service module, wherein the management module is used for providing a uniform API service publishing flow for a publisher and providing an API service subscribing flow for a subscriber and is also used for managing configuration information of the API service; the registration module is used for monitoring the change of API service configuration information to obtain update configuration information and providing the subscriber with push and active pull services of the update configuration information so that the API service configuration information of a mechanism gateway system corresponding to the subscriber and the update configuration information keep real-time synchronization; and the universal gateway module is used for providing an entrance of a standard HTTP service, performing protocol conversion and forwarding on the received server request, and aggregating the API services of different publishers to enable the API services of the publishers to be mutually called.
The distributed gateway system comprises a management module, a registration module and a general gateway module. The management module can provide a uniform interface service management platform for a publisher or a subscriber, unifies the publishing and subscribing operations of the interface service, facilitates the uniform management of the interface service by the publisher or the subscriber, and enables the interface management flow to be uniform. When the configuration information of the interface service is changed, the registration module can acquire the updated configuration information in real time and push the updated configuration information to a gateway system of a client, so that the realization of service logic is ensured. The universal gateway module provides a protocol conversion function of the interface service and provides a feasible scheme for unifying interface service protocols among different publishers or subscribers. The universal gateway module also provides an aggregation service aiming at the interface, ensures the cooperative calling of different interface services among publishers or subscribers, further deepens the cooperation among the publishers or subscribers and can promote the generation of new application scenes.
In one embodiment, the management module includes a publish-subscribe unit, configured to provide a uniform API service publish process for the publisher, and further configured to provide the API service subscribe process for the subscriber; and the information management unit is used for managing the configuration information of the API service.
In one embodiment, the registration module includes a monitoring unit, configured to monitor a change of the API service configuration information to obtain updated configuration information; the pushing unit is used for pushing the updated configuration information to the subscriber after the configuration information of the API service is updated; and the pulling unit is used for providing the active pulling service for updating the configuration information for the subscriber.
In one embodiment, the universal gateway module comprises an entry unit for providing an entry for standard HTTP services; the routing unit is used for carrying out protocol conversion on the received server request and forwarding the server request; and the service aggregation unit is used for aggregating the API services of different publishers so as to realize mutual calling of the API services of the publishers.
In one embodiment, the universal gateway module further includes a checking unit group, configured to check the received server request according to the API service configuration information; and the flow control unit group is used for controlling the number of the server requests received by the universal gateway module.
In one embodiment, the server request includes identification information and user request data, the user request data is obtained according to an authentication rule and an encryption algorithm provided by the universal gateway module, and the check unit group includes a white list unit, configured to determine whether the server request is an authorized request according to the API service configuration information and the identification information; and the user authentication unit is used for judging the legality of the user request data.
In one embodiment, the traffic control unit group includes a flow control unit, configured to control the number of requests received by a single API service in a unit time; and the frequency control unit is used for controlling the total amount of requests received by a single API service in a preset time period.
In one embodiment, the server request includes a timestamp, and the universal gateway module further includes a replay prevention unit configured to determine whether the received server request is a repeatedly transmitted server request according to the timestamp.
In one embodiment, the universal gateway module further includes a log unit, configured to manage log information, where the log information is a processing record of each unit in the universal gateway module.
In one embodiment, the API service configuration information includes public and private key information, an identifier list information, and a flow control policy.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the specification, and other drawings can be obtained by those skilled in the art without inventive labor.
Fig. 1 is a block diagram of a distributed gateway system in one embodiment of the present disclosure;
FIG. 2 is a block diagram of a management module in one embodiment of the present disclosure;
FIG. 3 is a block diagram of a registration module in one embodiment of the present disclosure;
fig. 4 is a schematic flow chart of a push service in one embodiment of the present disclosure;
FIG. 5 is a flow diagram of an active pull service in one embodiment of the present disclosure;
fig. 6 is a block diagram of a generic gateway module in one embodiment of the disclosure.
Detailed Description
To facilitate an understanding of the invention, the invention will now be described more fully with reference to the accompanying drawings. Preferred embodiments of the present invention are shown in the drawings. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
In order to adapt to the application scenario of API service aggregation among multiple mechanisms, the disclosure provides a multi-user cooperation-oriented distributed gateway system. Fig. 1 is a block diagram of a distributed gateway system in one embodiment of the present disclosure, which may include a management module 100, a registration module 200, and a common gateway module 300.
The management module 100 is configured to provide a uniform API service publishing process for a publisher and an API service subscribing process for a subscriber, and is further configured to manage configuration information of the API service. The registration module 200 is configured to monitor changes of the API service configuration information to obtain update configuration information, and is further configured to provide a push service and an active pull service of the update configuration information to a subscriber, so that the API service configuration information of the mechanism gateway system corresponding to the subscriber and the update configuration information are kept synchronized in real time. The universal gateway module 300 is configured to provide an entry of a standard HTTP service, perform protocol conversion and forwarding on a received server request, and aggregate API services of different publishers, so that API services of the publishers are mutually invoked.
In the distributed gateway system oriented to multi-user cooperation, the management module 100 may unify the publishing and subscribing operations of the API service, provide a unified API service publishing flow for publishers, and provide an API service subscribing flow for subscribers. Each user may serve as a publisher to perform unified publishing according to the unified API service publishing process provided by the management module 100, each user may also serve as a subscriber to obtain subscription information according to the API service subscription process provided by the management module 100, and the management module 100 makes the API interface management processes implement unification. The management module 100 may also perform unified management on configuration information of the API service, where the management refers to operations of setting, storing, updating, and the like on the API service. A user may perform initialization setting on configuration information of the API service through a platform provided by the management module 100, the management module 100 may store the received API service configuration information, and the user may update the API service configuration information stored in the management module 100 through the platform provided by the management module 100.
The registration module 200 monitors the configuration information of the API service in real time, and after the API configuration information is changed, can acquire the updated configuration information in real time, and push the updated configuration information to the mechanism gateway system corresponding to the subscriber, so as to ensure the implementation of the service logic. Meanwhile, the registration module 200 also supports the active pull service of the subscriber to the configuration information, so that the subscriber has more flexibility in implementing the configuration information synchronization scheme. The universal gateway module 300 can perform uniform encapsulation and aggregation on the publisher API interfaces, so as to ensure that the management module 100 provides uniform API service protocols and uniform call logic for the outside, and facilitate each publisher to implement API service aggregation, so as to meet the needs of new scenarios.
In one embodiment, in a software architecture, publish-subscribe is a messaging paradigm where publishers do not send messages directly to subscribers, but rather, classify published messages into different categories without knowing which subscribers may be present. Likewise, a subscriber may express interest in one or more categories, receiving only interesting messages, without knowing which publishers are present.
Fig. 2 is a block diagram of a management module in one embodiment of the present disclosure. The management module 100 may include a publish-subscribe unit 110 and an information management unit 120. The publish-subscribe unit 110 is configured to unify the API service publish procedures for publishers and further provide API service subscribe procedures for subscribers. The information management unit 120 is configured to manage configuration information of the API service.
The management module 100 is a management center for the operating console and API services of the multi-user collaborative distributed gateway system. The publish-subscribe unit 110 of the management module 100 provides a uniform API service publishing process for different publishers, and publishers can publish messages according to the API service publishing process provided by the publish-subscribe unit 110. The publish-subscribe unit 110 may also provide the subscriber with the functionality of subscribing to API services. Through the publish-subscribe unit 110, a subscriber can search, subscribe and view API services related to own services.
The information management unit 120 of the management module 100 supports management of configuration information of the API service, and in one embodiment, the configuration information of the API service may include public and private key information, identifier list information, and a flow control policy. The user may update the API service configuration information through the information management unit 120, for example, public and private key information replacement, ip white list update, flow control policy adjustment, and the like. The management module 100 can solve the difference between service publishing and subscribing among users, and provide a unified platform for different publishers and subscribers to manage and maintain the API service, thereby simplifying the operation of the API service.
Fig. 3 is a block diagram of a registration module in an embodiment of the present disclosure. In one embodiment, the registration module 200 may include a monitoring unit 210, a pushing unit 220, and a pulling unit 230. The monitoring unit 210 is configured to monitor changes of the API service configuration information to obtain updated configuration information. By monitoring the information management unit 120 in real time through the monitoring unit 210, the change of the API service configuration information in the management module 100 can be known in time and the updated configuration information can be obtained. And synchronizing the updated configuration information to each subscriber in time so as to ensure that the API service configuration information of the mechanism gateway system corresponding to the subscriber is updated synchronously.
The pushing unit 220 is configured to push the updated configuration information to the subscriber after the configuration information of the API service is updated. Fig. 4 shows a specific flow of the push service, and fig. 4 is a schematic flow diagram of the push service in an embodiment of the disclosure. The push unit 220 provides a service of pushing updated configuration information to a subscriber. The subscriber may configure the receiving address information of the update configuration information in the central information management unit of the management module 100 in advance. The monitoring unit 210 monitors the information management unit 120 in real time. When configuration information of the API service in the information management unit 120 changes, such as flow control policy adjustment, ip white list change, and the like, the push unit 220 monitors the change, acquires, from the information management unit 120, receiving address information corresponding to a subscriber that needs to be sent, and actively pushes updated configuration information to a receiving address of the subscriber, thereby implementing active push service.
The pull unit 230 is used to provide an active pull service for updating configuration information for a subscriber. Fig. 5 shows a specific flow of the active pull service, and fig. 5 is a schematic flow diagram of the active pull service in an embodiment of the disclosure. The pull unit 230 may provide an active pull service for updating the configuration information externally. The active pull service is provided externally in the form of a standard HTTP (Hyper Text Transfer Protocol) service. The subscriber can be customized according to the real-time requirement of the gateway system, and the service interface provided by the pull unit 230, or can use the standard implementation manner provided by the management module 100.
The registration module 200 is the backbone of the distributed gateway system for multi-user collaboration. The registration module 200 changes API service configuration information in the real-time information managing unit 120. Once the configuration information is updated, the registration module 200 will actively push the updated configuration information to the subscriber, so as to ensure that the updated configuration information is synchronized to the mechanism gateway system corresponding to the subscriber in real time, so that the mechanism gateway system corresponding to the subscriber is updated synchronously, thereby implementing synchronous management for the configuration information of the API service, and ensuring the real-time synchronization of the configuration information of the mechanism gateway system. The registration module 200 not only provides a service of actively pushing configuration information, but also provides a standard HTTP interface, supporting a service of actively pulling configuration information by a subscriber. The subscriber has more flexibility in the implementation scheme of configuration information synchronization.
Fig. 6 is a block diagram of a generic gateway module in one embodiment of the present disclosure, and in one embodiment, the generic gateway module 300 may include an ingress unit 310, a routing unit 320, and a service aggregation unit 330.
The portal unit 310 is used for providing a portal of the standard HTTP service, and the subscriber may send a server request to the universal gateway module 300 according to the portal of the standard HTTP service provided by the portal unit 310. The routing unit 320 is configured to perform protocol conversion and forwarding on the received server request. The routing unit 320 is specially responsible for implementing the routing of the API service, and may forward the received server request sent from the subscriber to the service unit that really processes the request at the back end. The routing unit 320 provides the configuration service connection with the management module 100 while forwarding the server request to the backend service, which facilitates the backend service upgrade. Through the forwarding of the routing unit 320 and the connection with the configuration service of the management module 100, the backend service may implement specific protocol conversion, business logic, and the like according to the server request sent for the subscriber.
The service aggregating unit 330 is configured to aggregate the API services of different publishers, so that the API services of the publishers are mutually invoked. The service aggregating unit 330 may be responsible for aggregating API services of different publishers, and the aggregating API service may coordinate mutual invocation of API services between publishers. For example, when multiple financial institutions need to obtain a unified asset view of a user, and then to call API services among the multiple financial institutions for multi-party security computation, the aggregation service provided by the service aggregation unit 330 enables implementation of simultaneous call of API services among the multiple financial institutions. The aggregation service further promotes the development of the open API, expands the application scenes of the open API and promotes further cooperation among mechanisms.
The universal gateway module 300 is an entry system that provides standard HTTP services to the outside, performs protocol conversion and forwarding to the inside, performs service logic implementation to the outside, and implements API service aggregation between different publishers, etc. The unification of the API service protocol issued by the platform can be ensured through protocol conversion, and the use of the issuer is facilitated. The API service is aggregated, so that the cooperative configuration of the service among the mechanisms can be promoted, and the guarantee is provided for the generation of new scenes and new applications.
In one embodiment, the universal gateway module 300 may further include a check unit group 340 and a traffic policing unit group 350.
The checking unit group 340 is configured to check the received server request according to the configuration information of the interface service. In terms of functional design, the universal gateway module 300 adopts a standard processing flow. When a server request sent by a subscriber reaches the universal gateway module 300, the checking unit group 340 performs ip white list checking on the server request to ensure that the request is a legal server authorization request, and meanwhile, checks the identity of the subscriber through a signature mechanism to ensure the legality of the server request, thereby further ensuring the security of the system.
The traffic control unit group 350 is used to control the number of server requests received by the universal gateway module 300. In order to ensure the stability of the interface service, the universal gateway module 300 adopts a flow management and control mode, and controls the number of received server requests through the flow management and control unit group 350, so as to ensure that the API interface can continuously and stably provide services, and avoid the situation that a large-scale sudden request impacts the API service to cause instant breakdown of the service or even make the service unavailable. The traffic control unit 350 may also support frequency control, such as daily request number limitation, so that the system manages API services from more dimensions.
The universal gateway module 300 is a bridge for connecting services inside and outside the platform, provides standard interface services to the outside through an HTTP protocol, performs protocol conversion on an externally exposed interface of an internal management service system, and distributes an internet request to each internal service system for processing. The universal gateway module 300 adopts a unified standardized design, so that the access cost can be greatly reduced. The API service provided by the same mechanism can unify the interface protocol, so that the calling between the mechanisms is more friendly.
In one embodiment, the checking unit group 340 may include a white list unit 341 and a user authentication unit 342. The server request sent by the subscriber may include identification information and user request data. The user request data is obtained according to the authentication rule and the encryption algorithm provided by the universal gateway module 300. In this embodiment, the identification information is ip information.
The white list unit 341 is configured to determine whether the server request is an authorized request according to the API service configuration information and the identification information. The white list unit 341 may determine whether the server request is an authorized server request according to the ip information carried in the server request sent by the subscriber. The ip information of the server of the subscriber may be pre-configured on the management module 100, and the whitelist unit 341 obtains the configuration information on the management module 100 and verifies the ip information requested by the server. The universal gateway module 300 will perform subsequent processing on the received server request only if the white listing unit 341 determines that it is an authorized request. In some embodiments of the present disclosure, the subscriber may implement the interfacing in a server-to-server manner, and authorize the ip information of the server to avoid a large number of illegal requests from affecting the processing efficiency of the universal gateway module 300.
The user authentication unit 342 is used for judging the validity of the user request data. The mechanism gateway system corresponding to the subscriber may generate a signature in an asymmetric encryption manner in the server request according to the authentication rule provided by the universal gateway module 300 in advance, and encrypt data in a symmetric encryption manner, thereby generating user request data. After the subscriber sends the server request to the universal gateway module 300, the user authentication unit 342 authenticates the user request data according to the key information in the API service configuration information stored in the management module 100, so as to ensure the validity of the server request. In some embodiments of the present disclosure, the organization gateway system corresponding to the subscriber may encrypt the data using a cryptographic algorithm and an RSA algorithm.
In one embodiment, the traffic policing unit group 350 may include a flow control unit 351 and a frequency control unit 352.
The flow control unit 351 is used to control the number of requests received by a single interface service in a unit time. The flow control unit 351 is mainly directed to a single API service request, and may be configured to limit the number of requests received by the single API service per unit time. The flow control unit 351 supports flow control of the number of times requests are received per unit time, which is configurable. The publisher may configure the flow control policies of a single API service in the management module 100. For example, the requests received a preset number of times per minute may be limited. In application, a publisher may dynamically adjust the flow control parameters in the management module 100 according to the capabilities of its API service, so as to optimize the API service effect.
The frequency control unit 352 is used to control the total amount of requests received by a single interface service within a preset time period. The frequency control unit 352 may implement control for the API service to receive the total amount of requests within a preset time period. In some embodiments of the present disclosure, the frequency control unit 352 enables control of the total amount of daily requests for the API service. The publisher may configure the total number of requests that a single API service supports per day in the management module 100. When the number of requests received by the API service on the same day reaches the total number of daily requests, the universal gateway module 300 will directly return an error message to relieve the pressure on the service interface side. The subscriber can also dynamically adjust the total daily request amount in the management module 100 according to different subscribers, so as to flexibly allocate the service capability of the API.
In one embodiment, the server request may also include a timestamp. The universal gateway module 300 may also include an anti-replay unit 360. The anti-replay unit 360 is configured to determine whether the received server request is a repeatedly transmitted server request according to the time stamp. The anti-replay unit 360 may be configured to determine a request repeatedly sent to the generic gateway module based on processing the received server request. In some embodiments of the present disclosure, the universal gateway module 300 may take the form of adding a timestamp in the server request to verify whether it is a repeatedly sent request. And judging whether the actual interval between the current server request and the last server request exceeds a preset time range or not according to the current timestamp and the timestamp of the last request, and if not, directly returning error information by the universal gateway module 300 so as to avoid the influence of repeated processing of the same server request on the processing efficiency of the universal gateway module 300.
In one embodiment, the universal gateway module 300 may further include a log unit 370. The log unit 370 is used to manage log information. The log information is a processing record for each unit in the universal gateway module 300. In some embodiments of the present disclosure, the log unit 370 may be used to manage format definition, transmission, aggregation, and segmentation of log information. After each unit in the universal gateway module 300 performs a processing step, the operation of each unit is recorded in the form of a log. The log information is sent to a syslog-ng (which is a kind of log server) server by the log unit 370, and divided and stored as original log data. By means of the log data, the subscriber can inquire the condition of the subscription API service call, and the publisher can inquire the use condition of the publishing API service. The subscriber may further optimize the API services based on statistical information of the log data. The log information can ensure that each server request can be tracked, and a subscriber or a publisher can conveniently inquire the condition of calling the API each time.
The distributed gateway system facing multi-user cooperation solves the problems that the existing API service protocol is complex in implementation and difficult in service aggregation, provides a structural design for unified management and unified operation of API services and API service aggregation of various machine components, and further promotes the cooperative development of open services among users. The distributed gateway system can provide a uniform API management platform for subscribers or publishers, so that different subscribers or publishers can realize uniform management of the API, and a feasible scheme is provided for uniform management and uniform operation of API services. The universal gateway module 300 provides the protocol conversion function of the API, and provides a feasible solution for unifying API service protocols between different subscribers or publishers. The aggregation service of the universal gateway module 300 may also ensure the collaborative invocation of different API services between subscribers or publishers, further deepen the collaboration between subscribers or publishers, and at the same time, may promote the generation of new application scenarios.
The entire distributed gateway system may include a management module 100, a registration module 200, and a universal gateway module 300. Through the cooperative work of the management module 100, the registration module 200 and the universal gateway module 300, the API service management is simplified, and a scheme for aggregating the API services is provided.
The management module 100 is constructed to provide a platform for API publishing and subscribing to subscribers or publishers, enabling subscribers or publishers to uniformly manage and maintain API services. The registration building module 200 can implement unified management for the configuration information of the API service, and can push the configuration information of the API service in real time, thereby ensuring the real-time synchronization with the configuration information of the mechanism gateway system. The universal gateway module 300 can provide a uniform implementation logic, and guarantees the unification of interface protocols, the aggregation of services, the stability of services and the security of interface calling. The architecture design of the universal gateway module 300 provides standards for API publishers to design their own gateway systems, which facilitates subscribers or publishers to quickly construct gateway systems. The universal gateway module 300 may encapsulate API services of subscribers or publishers, unify API service protocols, and implement the API services cooperation between subscribers or publishers through aggregation services.
It will be understood that the various embodiments of the apparatus described above have been described in an incremental manner, and that like/similar parts of the various embodiments may be referred to one another, with each embodiment focusing on the differences from the other embodiments. Reference may be made to the description of other method embodiments for relevant points.
It is to be understood that the various embodiments of the system described above are described in an incremental manner, and like/similar elements may be referred to one another, with each embodiment focusing on differences from the other embodiments. Reference may be made to the description of other method embodiments for relevant points.
It should be noted that, the descriptions of the apparatus, the electronic device, the server, and the like according to the method embodiments may also include other embodiments, and specific implementations may refer to the descriptions of the related method embodiments. Meanwhile, the new embodiment formed by the mutual combination of the features of the methods, the devices, the equipment and the server embodiments still belongs to the implementation range covered by the present disclosure, and the details are not repeated herein.
In the description herein, references to the description of "some embodiments," "other embodiments," "desired embodiments," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, a schematic description of the above terminology may not necessarily refer to the same embodiment or example.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A distributed gateway system, comprising:
the management module is used for providing a uniform API service publishing flow for a publisher and an API service subscribing flow for a subscriber and is also used for managing configuration information of the API service;
the registration module is used for monitoring the change of API service configuration information to acquire update configuration information and providing pushing and active pulling services of the update configuration information for the subscriber so that the API service configuration information of a mechanism gateway system corresponding to the subscriber and the update configuration information keep real-time synchronization;
and the universal gateway module is used for providing an entrance of a standard HTTP service, performing protocol conversion and forwarding on the received server request, and aggregating the API services of different publishers to enable the API services of the publishers to be mutually called.
2. The distributed gateway system of claim 1, wherein the management module comprises:
the publishing and subscribing unit is used for providing the uniform API service publishing process for the publisher and also providing the API service subscribing process for the subscriber;
and the information management unit is used for managing the configuration information of the API service.
3. The distributed gateway system of claim 1 or 2, wherein the registration module comprises:
the monitoring unit is used for monitoring the change of the API service configuration information to acquire updated configuration information;
the pushing unit is used for pushing the updated configuration information to the subscriber after the configuration information of the API service is updated;
and the pulling unit is used for providing the active pulling service for updating the configuration information for the subscriber.
4. The distributed gateway system of claim 1, wherein the common gateway module comprises:
an entry unit for providing an entry of a standard HTTP service;
the routing unit is used for carrying out protocol conversion on the received server request and forwarding the server request;
and the service aggregation unit is used for aggregating the API services of different publishers so as to realize mutual calling of the API services of the publishers.
5. The distributed gateway system of claim 4, wherein the common gateway module further comprises:
the verification unit group is used for verifying the received server request according to the API service configuration information;
and the flow control unit group is used for controlling the number of the server requests received by the universal gateway module.
6. The distributed gateway system of claim 5, wherein the server request includes identification information and user request data, the user request data is obtained according to an authentication rule and an encryption algorithm provided by the universal gateway module, and the check unit group includes:
a white list unit, configured to determine whether the server request is an authorized request according to the API service configuration information and the identification information;
and the user authentication unit is used for judging the legality of the user request data.
7. The distributed gateway system management method according to claim 5, wherein the traffic control unit group includes:
the flow control unit is used for controlling the number of times of requests received by the single API service in unit time;
and the frequency control unit is used for controlling the total amount of requests received by a single API service in a preset time period.
8. The distributed gateway system of claim 4, wherein the server request includes a timestamp, and wherein the generic gateway module further comprises:
and the anti-replay unit is used for judging whether the received server request is a repeatedly sent server request or not according to the timestamp.
9. The distributed gateway system of claim 4, wherein the common gateway module further comprises:
and the log unit is used for managing log information, and the log information is a processing record of each unit in the universal gateway module.
10. The distributed gateway system of claim 1, wherein the API service configuration information comprises public and private key information, a list of identifiers information, and a flow control policy.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111098276.4A CN113923251B (en) | 2021-09-18 | 2021-09-18 | Distributed gateway system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111098276.4A CN113923251B (en) | 2021-09-18 | 2021-09-18 | Distributed gateway system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113923251A true CN113923251A (en) | 2022-01-11 |
| CN113923251B CN113923251B (en) | 2024-08-09 |
Family
ID=79235638
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111098276.4A Active CN113923251B (en) | 2021-09-18 | 2021-09-18 | Distributed gateway system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113923251B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115314509A (en) * | 2022-07-27 | 2022-11-08 | 上海浦东发展银行股份有限公司 | Synchronization method, device, equipment and storage medium of application registration information |
| CN116016666A (en) * | 2022-12-21 | 2023-04-25 | 中盈优创资讯科技有限公司 | API release realization method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108111629A (en) * | 2018-01-19 | 2018-06-01 | 京东方科技集团股份有限公司 | Application Programming Interface service unit and Application Programming Interface service system |
| CN108965442A (en) * | 2018-07-23 | 2018-12-07 | 珠海宏桥高科技有限公司 | A kind of micro services infrastructure services dissemination system and model-based optimization method |
| CN109150805A (en) * | 2017-06-19 | 2019-01-04 | 亿阳安全技术有限公司 | The method for managing security and system of application programming interface |
| CN112257083A (en) * | 2020-10-21 | 2021-01-22 | 太极计算机股份有限公司 | Automatic interface test system based on distributed service bus |
-
2021
- 2021-09-18 CN CN202111098276.4A patent/CN113923251B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109150805A (en) * | 2017-06-19 | 2019-01-04 | 亿阳安全技术有限公司 | The method for managing security and system of application programming interface |
| CN108111629A (en) * | 2018-01-19 | 2018-06-01 | 京东方科技集团股份有限公司 | Application Programming Interface service unit and Application Programming Interface service system |
| CN108965442A (en) * | 2018-07-23 | 2018-12-07 | 珠海宏桥高科技有限公司 | A kind of micro services infrastructure services dissemination system and model-based optimization method |
| CN112257083A (en) * | 2020-10-21 | 2021-01-22 | 太极计算机股份有限公司 | Automatic interface test system based on distributed service bus |
Non-Patent Citations (1)
| Title |
|---|
| 王建华: "API技术安全问题及相关安全解决方案研究", 《中国金融电脑》, 7 September 2018 (2018-09-07) * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115314509A (en) * | 2022-07-27 | 2022-11-08 | 上海浦东发展银行股份有限公司 | Synchronization method, device, equipment and storage medium of application registration information |
| CN116016666A (en) * | 2022-12-21 | 2023-04-25 | 中盈优创资讯科技有限公司 | API release realization method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113923251B (en) | 2024-08-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11784788B2 (en) | Identity management method, device, communications network, and storage medium | |
| US10819687B2 (en) | Apparatus and method of encrypted communication | |
| US11128447B2 (en) | Cryptographic operation method, working key creation method, cryptographic service platform, and cryptographic service device | |
| KR101516909B1 (en) | Discovery of security associations for key management relying on public keys | |
| US10659441B2 (en) | Dynamically managing, from a centralized service, valid cipher suites allowed for secured sessions | |
| CN111131416B (en) | Service providing method and device, storage medium and electronic device | |
| CN110769035A (en) | Block chain asset issuing method, platform, service node and storage medium | |
| CN113923251B (en) | Distributed gateway system | |
| CN112436936B (en) | Cloud storage method and system with quantum encryption function | |
| US10491577B2 (en) | Secure, customer-controlled storage for cloud-managed meeting details | |
| US20030007645A1 (en) | Method and system for allowing a sender to send an encrypted message to a recipient from any data terminal | |
| CN113472722A (en) | Data transmission method, storage medium, electronic device and automatic ticket selling and checking system | |
| JP2024505553A (en) | Systems and methods for federated learning using peer-to-peer networks | |
| CN113094190B (en) | Micro-service calling method, micro-service calling device, electronic equipment and storage medium | |
| US20200053059A1 (en) | Secure Method to Replicate On-Premise Secrets in a Cloud Environment | |
| CN112073175B (en) | Data processing method, device and system and electronic equipment | |
| WO2021009866A1 (en) | Data distribution system, data processing device, and program | |
| US20220231837A1 (en) | Intelligent and secure packet captures for cloud solutions | |
| CN113259436B (en) | Network request processing method and device | |
| CN114765546B (en) | End-to-end hard encryption method, system, encryption equipment and key management server | |
| KR20200045648A (en) | Apparatus and method for generating encryption key in sip based call service | |
| KR102387911B1 (en) | Secure instant messaging method and attaratus thereof | |
| CN109120631B (en) | Function calling system, method, device and storage medium | |
| Ke et al. | Research on Blockchain Usage for 5G Message Service | |
| CN113821258A (en) | Method and device for realizing localization operation of ground system through cloud system instruction |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |