CN114826661A - Data access method, device and medium based on open API - Google Patents

Data access method, device and medium based on open API Download PDF

Info

Publication number
CN114826661A
CN114826661A CN202210268357.2A CN202210268357A CN114826661A CN 114826661 A CN114826661 A CN 114826661A CN 202210268357 A CN202210268357 A CN 202210268357A CN 114826661 A CN114826661 A CN 114826661A
Authority
CN
China
Prior art keywords
client
access request
access
open api
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210268357.2A
Other languages
Chinese (zh)
Inventor
师冬
崔乐乐
李仰允
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Original Assignee
Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chaozhou Zhuoshu Big Data Industry Development Co Ltd filed Critical Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Priority to CN202210268357.2A priority Critical patent/CN114826661A/en
Publication of CN114826661A publication Critical patent/CN114826661A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application discloses a data access method, equipment and medium based on an open API (application program interface), which are used for solving the technical problems that the existing open API is relatively disordered in management, cannot avoid malicious data access requests sent to a server by unknown clients, and has a large safety risk. The method comprises the following steps: the client is authenticated and authorized to issue corresponding identity authentication information to the client, and the identity authentication information is stored in an access white list; receiving an access request encrypted and signed by a client, and determining whether the client is in an access white list according to identity authentication information so as to perform identity verification and API (application program interface) calling permission verification on the client; after determining that the client has the right to access the open API interface, checking the timeliness of the access request, and inquiring whether interface data corresponding to the access request exists in a cache or not under the condition that the access request is not overtime; if yes, obtaining the data from the cache; if the API does not exist, the API is obtained from the database, and the access efficiency of the API is improved.

Description

Data access method, device and medium based on open API
Technical Field
The present application relates to the field of computer technologies, and in particular, to a data access method, device, and medium based on an open API interface.
Background
Currently, when a client accesses data to a server through an open Application Programming Interface (API), the client receives a data access request from the client through the server and sends a response message to the client, so as to allow the client to access the data to the server through the API.
However, the existing open API interface management is relatively chaotic, cannot avoid malicious data access requests sent to the server by unknown clients, has a relatively high security risk, and is prone to reveal interactive information between the clients and the server.
Disclosure of Invention
The embodiment of the application provides a data access method, equipment and medium based on an open API (application program interface), and aims to solve the technical problems that the existing open API is relatively disordered in management, an unknown malicious data access request sent by a client to a server cannot be avoided, a large safety risk is caused, and interactive information between the client and the server is easily revealed.
In one aspect, an embodiment of the present application provides a data access method based on an open API interface, including:
the method comprises the steps of carrying out authentication authorization on a client to issue corresponding identity authentication information to the client, and storing the identity authentication information corresponding to the client into an access white list;
receiving an access request encrypted and signed by the client, and determining whether the client is in the access white list according to identity authentication information carried in the access request so as to perform identity verification and API (application program interface) calling permission verification on the client;
after the client side is determined to have the access authority of the open API, checking the timeliness of the access request, and inquiring whether interface data corresponding to the access request exists in a cache or not under the condition that the access request is not overtime;
if so, acquiring interface data corresponding to the access request from a cache; and if the interface data does not exist, acquiring the interface data corresponding to the access request from the database.
In one implementation manner of the present application, before receiving the access request encrypted and signed by the client, the method further includes:
acquiring a public key of a server, and encrypting an access request of the client by the public key of the server;
and signing the encrypted access request through the private key of the client to realize the encrypted signing processing of the access request.
In one implementation manner of the present application, after receiving the access request encrypted and signed by the client, the method further includes:
acquiring a public key of the client, and verifying the signature of the encrypted and signed access request through the public key of the client to determine that the access request is sent by the client;
and decrypting the access request after the signature is verified through a private key of the server to obtain the access request.
In an implementation manner of the present application, checking timeliness of the access request specifically includes:
acquiring the initiation time and the current time of the access request, and determining the survival time corresponding to the access request according to the initiation time and the current time;
and comparing the survival time corresponding to the access request with a preset effective time, and determining whether the access request is overtime so as to realize the inspection of timeliness of the access request.
In an implementation manner of the present application, authenticating and authorizing a client to issue corresponding identity authentication information to the client specifically includes:
receiving an authentication request sent by a client;
determining that the client has the access right of an open API (application programming interface) according to the application identification information corresponding to the client in the authentication request, and generating identity authentication information corresponding to the client to finish authentication and authorization of the client;
and acquiring a public key of the client, and encrypting the identity authentication information through the public key so as to send the encrypted identity authentication information to the client.
In an implementation manner of the present application, after sending the encrypted identity authentication information to the client, the method further includes:
and decrypting the identity authentication information through the private key of the client to obtain the identity authentication information corresponding to the client.
In one implementation manner of the present application, before receiving the access request after the client encrypts and signs, the method further includes:
determining a domain name corresponding to the open API;
and displaying the URL corresponding to the domain name by adopting a RESTful framework, and putting the version information of the open API into the URL to distinguish the open API.
In an implementation manner of the present application, after obtaining the interface data corresponding to the access request, the method further includes:
responding to the access request of the client through a preset response format; the preset response format comprises a response code, response information and a response description;
and recording the event of the client accessing the open API interface into an access request log.
On the other hand, an embodiment of the present application further provides a data access device based on an open API interface, where the data access device includes:
at least one processor;
and a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to:
performing an open API interface based data access method according to any of claims 1-8.
In another aspect, an embodiment of the present application further provides a non-volatile computer storage medium storing computer-executable instructions, where the computer-executable instructions are configured to:
performing an open API interface based data access method according to any of claims 1-8.
The embodiment of the application provides a data access method, equipment and medium based on an open API (application program interface), which at least have the following beneficial effects: the client is authenticated and authorized to issue identity card information for the client, so that the client can indicate that the client has the access right of the open API interface through the identity authentication information, and the server queries an access white list according to the identity authentication information of the client after receiving an access request sent by the client, so that the identity authentication and the right authentication of the client can be simply and quickly completed, the management of the open API interface is optimized, the data security is ensured, and the access efficiency of the open API interface can be improved; by checking the timeliness of the access request corresponding to the client, the data interaction between the client and the server can be ensured within a preset time length, and the data transmission safety is ensured; after the client is allowed to access the server through the open API, whether interface data corresponding to the access request exists in the cache or not is inquired, so that when the interface data exist in the cache, the interface data are preferentially obtained from the cache, and when the interface data do not exist in the cache, the interface data are obtained from the database, therefore, the data access efficiency can be improved, and the condition that the open API interface management is disordered is effectively improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic flowchart of a data access method based on an open API interface according to an embodiment of the present application;
fig. 2 is a schematic flowchart of another data access method based on an open API interface according to an embodiment of the present application;
fig. 3 is a schematic diagram of an internal structure of a data access device based on an open API interface according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application provides a data access method, equipment and a medium based on an open API (application program interface). by authenticating and authorizing a client and issuing identity card information for the client, the client can show that the client has the access authority of the open API through identity authentication information, and after receiving an access request sent by the client, a server queries an access white list according to the identity authentication information of the client, so that the identity authentication and the authority authentication of the client can be simply and quickly completed; by checking the timeliness of the access request corresponding to the client, the data interaction between the client and the server can be ensured within a preset time length, and the data transmission safety is ensured; by inquiring whether the interface data corresponding to the access request exists in the cache, the interface data can be preferentially obtained from the cache when the interface data exists in the cache, and the interface data can be obtained from the database when the interface data does not exist in the cache. The technical problems that the existing open type API is relatively disordered in interface management, malicious data access requests sent to a server by unknown clients cannot be avoided, a large safety risk is caused, and interactive information between the clients and the server is easily revealed are solved.
The technical solutions proposed in the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a data access method based on an open API interface according to an embodiment of the present application. As shown in fig. 1, a data access method based on an open API interface provided in an embodiment of the present application mainly includes the following steps:
step 101, performing authentication and authorization on the client to issue corresponding identity authentication information to the client, and storing the identity authentication information corresponding to the client in an access white list.
The server authenticates and authorizes the client, corresponding identity authentication information is issued to the client during authorization, the identity authentication information is a certificate of the client with an access open API, and meanwhile, the server stores the authenticated identity authentication information corresponding to the client into an access white list in the server.
It should be noted that the identity authentication information in the embodiment of the present application at least includes one or more of the following items: APP _ ID, APP _ KEY, and APP _ SECRET.
Specifically, the server receives an authentication request sent by the client, determines identification information corresponding to the client from the authentication request, determines that the client has an access right of an open API (application programming interface) according to the identification information, and generates identity authentication information corresponding to the client, so that authentication authorization of the client is completed, and the client can indicate that the client has the access right of the open API through the identity authentication information. Then, the server needs to acquire the public key of the client, encrypts the identity authentication information corresponding to the client through the public key of the client, and sends the encrypted identity authentication information to the client, so that the security of the identity authentication information of the client can be ensured, and data leakage is prevented.
It should be noted that, when the server and the client perform data interaction in the embodiment of the present application, a protocol used is an HTTPS protocol, and data interaction is performed through the HTTPS protocol, so that security of data transmission can be ensured.
In an embodiment of the present application, after the server sends the encrypted authentication information to the client, the client decrypts the encrypted authentication information through its own private key, so as to obtain the authentication information issued by the server.
And 102, receiving an access request encrypted and signed by the client, and determining whether the client is in an access white list according to identity authentication information carried in the access request so as to perform identity verification and API (application program interface) calling permission verification on the client.
After receiving the encrypted signed access request sent by the client, the server compares the identity authentication information corresponding to the client carried in the access request with the identity authentication information in the access white list to determine that the client is in the access white list of the open API interface, so that identity verification and API call permission verification of the client are completed, the open API interface is managed in a unified manner, and the data security is improved.
It should be noted that the open API interface in the embodiment of the present application supports multiple request accesses, for example: GET, POST, PUT, DELETE, etc.
In an embodiment of the application, before the server receives the access request after the client encrypts and tags, the client encrypts and tags the access request, so as to improve the security of data. Specifically, the client needs to obtain the public key of the server, encrypt the access request through the public key of the server, and then sign the access request through the private key of the client, so that encryption and signing processing of the access request is achieved, the access request can be represented by the signature and sent by the client, and data security can be guaranteed through encryption.
In an embodiment of the application, after receiving an access request encrypted and signed by a client, a server first needs to obtain a public key of the client, and obtains a signature corresponding to the encrypted and signed access request through the public key of the client, so as to determine that the current access request is sent by the client, and then decrypts the encrypted access request through a private key of the server, so as to obtain a decrypted access request.
In an embodiment of the present application, before receiving an access request encrypted and signed by a client, a server determines a domain name corresponding to an open API interface of the server, where the server uses an independent domain name, for example: https:// api. Then, the server adopts a RESTful style architecture for the URL corresponding to the domain name in the application, and represents a resource through each website. At the same time, the server will also put the version information of the open API interface into the URL, for example: https:// API. xxx.com/v { n }, so that the open API interfaces can be distinguished through versions, and business logic is prevented from being affected.
And 103, after the client is determined to have the access authority of the open API, checking the timeliness of the access request, and inquiring whether interface data corresponding to the access request exists in the cache or not under the condition that the access request is not overtime.
After determining that the client has the access authority of the open API, the server also needs to check the timeliness of the access request, if the access request is overtime, the access request is discarded, and if the access request is not overtime, whether interface data corresponding to the access request exists in the cache or not is continuously inquired.
Specifically, when the server checks the timeliness of the access request, the server first needs to obtain the initiation time of the access request from the access request and obtain the current time, then calculates the survival time corresponding to the current access request according to the initiation time and the current time, and then compares the calculated survival time corresponding to the access request with the preset effective time corresponding to the access request, so as to determine whether the current access request is overtime, if the access request is overtime, the access request is discarded, and if the access request is not overtime, the subsequent operation is continued, so that the checking of the timeliness of the access request is completed.
It should be noted that, in the embodiment of the present application, the preset effective duration corresponding to the access request is 20 seconds, and the preset effective duration is not specifically limited in the present application and may be adjusted according to actual requirements.
Step 104, if the interface data exists, acquiring interface data corresponding to the access request from a cache; and if the interface data does not exist, acquiring the interface data corresponding to the access request from the database.
The server directly acquires the interface data from the cache when the interface data corresponding to the access request exists in the cache, and acquires the interface data from the database when the interface data corresponding to the access request does not exist in the cache.
In an embodiment of the application, after the server obtains the interface data corresponding to the access request, the server responds to the access request of the client through a preset response format. Then, the server records the event that the client accesses the open API interface into an access request log so as to be convenient for subsequent inquiry according to the requirement.
It should be noted that the preset response format in the embodiment of the present application includes a response code, response information, and a corresponding description.
Fig. 2 is a schematic flowchart of another data access method based on an open API interface according to an embodiment of the present application. As shown in fig. 2, after the client performs the identity authentication of the server, the API call permission verification, the timeliness verification of the access request, and the verification whether the interface data exists in the cache, the client accesses the corresponding data in the server through the gateway, i.e., the open API interface. For the service A, the server firstly acquires interface data corresponding to the service A from a cache, and if the cache does not exist, the server acquires the interface data corresponding to the service A from a database; for the service B, the server firstly acquires interface data corresponding to the service B from a cache, and if the cache does not exist, the server acquires the interface data corresponding to the service B from a database; for the service C, the server firstly obtains the interface data corresponding to the service C from the cache, and if the cache does not exist, the server obtains the interface data corresponding to the service C from the database.
It should be noted that the method shown in fig. 2 is substantially the same as the method shown in fig. 1, and therefore, portions that are not described in detail in fig. 2 may specifically refer to the related description in fig. 1, and are not described herein again.
The above is the method embodiment proposed by the present application. Based on the same inventive concept, the embodiment of the present application further provides a data access device based on an open API interface, and the structure of the data access device is shown in fig. 3.
Fig. 3 is a schematic diagram of an internal structure of a data access device based on an open API interface according to an embodiment of the present application. As shown in fig. 3, the apparatus includes:
at least one processor;
and a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to:
an open API interface based data access method as in any above is performed.
An embodiment of the present application further provides a non-volatile computer storage medium, in which computer-executable instructions are stored, and the computer-executable instructions are configured to:
an open API interface based data access method as claimed in any preceding claim.
The embodiments in the present application are described in a progressive manner, and the same and similar parts among the embodiments can be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the device and media embodiments, the description is relatively simple as it is substantially similar to the method embodiments, and reference may be made to some descriptions of the method embodiments for relevant points.
The device and the medium provided by the embodiment of the application correspond to the method one to one, so the device and the medium also have the similar beneficial technical effects as the corresponding method, and the beneficial technical effects of the method are explained in detail above, so the beneficial technical effects of the device and the medium are not repeated herein.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A data access method based on an open API (application program interface), which is characterized by comprising the following steps:
the method comprises the steps of carrying out authentication authorization on a client to issue corresponding identity authentication information to the client, and storing the identity authentication information corresponding to the client into an access white list;
receiving an access request encrypted and signed by the client, and determining whether the client is in the access white list according to identity authentication information carried in the access request so as to perform identity verification and API (application program interface) calling permission verification on the client;
after the client side is determined to have the access authority of the open API, checking the timeliness of the access request, and inquiring whether interface data corresponding to the access request exists in a cache or not under the condition that the access request is not overtime;
if so, acquiring interface data corresponding to the access request from a cache; and if the interface data does not exist, acquiring the interface data corresponding to the access request from the database.
2. The method of claim 1, wherein before receiving the encrypted and signed access request from the client, the method further comprises:
acquiring a public key of a server, and encrypting an access request of the client by the public key of the server;
and signing the encrypted access request through the private key of the client to realize the encrypted signing processing of the access request.
3. The method of claim 1, wherein after receiving the encrypted and signed access request from the client, the method further comprises:
acquiring a public key of the client, and verifying the signature of the encrypted and signed access request through the public key of the client to determine that the access request is sent by the client;
and decrypting the access request after the signature is verified through a private key of the server to obtain the access request.
4. The data access method based on the open API interface according to claim 1, wherein checking the timeliness of the access request specifically includes:
acquiring the initiation time and the current time of the access request, and determining the survival time corresponding to the access request according to the initiation time and the current time;
and comparing the survival time corresponding to the access request with a preset effective time, and determining whether the access request is overtime so as to realize the inspection of timeliness of the access request.
5. The data access method based on the open API interface according to claim 1, wherein performing authentication and authorization on a client to issue corresponding identity authentication information to the client specifically includes:
receiving an authentication request sent by a client;
determining that the client has the access right of an open API (application programming interface) according to the application identification information corresponding to the client in the authentication request, and generating identity authentication information corresponding to the client to finish authentication and authorization of the client;
and acquiring a public key of the client, and encrypting the identity authentication information through the public key so as to send the encrypted identity authentication information to the client.
6. The data access method based on the open API interface of claim 5, wherein after sending the encrypted authentication information to the client, the method further comprises:
and decrypting the identity authentication information through the private key of the client to obtain the identity authentication information corresponding to the client.
7. The method of claim 1, wherein before receiving the encrypted and signed access request from the client, the method further comprises:
determining a domain name corresponding to the open API;
and displaying the URL corresponding to the domain name by adopting a RESTful framework, and putting the version information of the open API into the URL to distinguish the open API.
8. The method according to claim 1, wherein after obtaining the interface data corresponding to the access request, the method further comprises:
responding to the access request of the client through a preset response format; the preset response format comprises a response code, response information and a response description;
and recording the event of the client accessing the open API interface into an access request log.
9. An open API interface based data access device, said device comprising:
at least one processor;
and a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to:
performing an open API interface based data access method according to any of claims 1-8.
10. A non-transitory computer storage medium storing computer-executable instructions, the computer-executable instructions configured to:
performing an open API interface based data access method according to any of claims 1-8.
CN202210268357.2A 2022-03-18 2022-03-18 Data access method, device and medium based on open API Pending CN114826661A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210268357.2A CN114826661A (en) 2022-03-18 2022-03-18 Data access method, device and medium based on open API

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210268357.2A CN114826661A (en) 2022-03-18 2022-03-18 Data access method, device and medium based on open API

Publications (1)

Publication Number Publication Date
CN114826661A true CN114826661A (en) 2022-07-29

Family

ID=82530375

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210268357.2A Pending CN114826661A (en) 2022-03-18 2022-03-18 Data access method, device and medium based on open API

Country Status (1)

Country Link
CN (1) CN114826661A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115987683A (en) * 2023-03-15 2023-04-18 中国信息通信研究院 Node access control method, device, equipment and medium in block chain network
CN116208668A (en) * 2023-05-05 2023-06-02 北京零壹视界科技有限公司 Data caching method, device, equipment and medium based on content distribution network
CN116232720A (en) * 2023-03-02 2023-06-06 国网河南省电力公司信息通信分公司 API (application program interface) encryption authentication method and storage device
CN117852005A (en) * 2024-03-08 2024-04-09 杭州悦数科技有限公司 Safety verification method and system between graph database and client

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112187908A (en) * 2020-09-23 2021-01-05 易小博(武汉)科技有限公司 Data processing method, system and interface service platform
CN113468591A (en) * 2021-06-07 2021-10-01 深圳供电局有限公司 Data access method, system, electronic device and computer readable storage medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112187908A (en) * 2020-09-23 2021-01-05 易小博(武汉)科技有限公司 Data processing method, system and interface service platform
CN113468591A (en) * 2021-06-07 2021-10-01 深圳供电局有限公司 Data access method, system, electronic device and computer readable storage medium

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116232720A (en) * 2023-03-02 2023-06-06 国网河南省电力公司信息通信分公司 API (application program interface) encryption authentication method and storage device
CN116232720B (en) * 2023-03-02 2024-01-16 国网河南省电力公司信息通信分公司 API (application program interface) encryption authentication method and storage device
CN115987683A (en) * 2023-03-15 2023-04-18 中国信息通信研究院 Node access control method, device, equipment and medium in block chain network
CN115987683B (en) * 2023-03-15 2023-07-28 中国信息通信研究院 Node access control method, device, equipment and medium in block chain network
CN116208668A (en) * 2023-05-05 2023-06-02 北京零壹视界科技有限公司 Data caching method, device, equipment and medium based on content distribution network
CN117852005A (en) * 2024-03-08 2024-04-09 杭州悦数科技有限公司 Safety verification method and system between graph database and client
CN117852005B (en) * 2024-03-08 2024-05-14 杭州悦数科技有限公司 Safety verification method and system between graph database and client

Similar Documents

Publication Publication Date Title
US11050750B2 (en) Recording and verification method and apparatus of internet of things device, and identity authentication method and apparatus
US10719602B2 (en) Method and device for realizing session identifier synchronization
TWI709314B (en) Data processing method and device
CN109274652B (en) Identity information verification system, method and device and computer storage medium
CN108684041B (en) System and method for login authentication
CN114826661A (en) Data access method, device and medium based on open API
US20220394026A1 (en) Network identity protection method and device, and electronic equipment and storage medium
CN101860540B (en) Method and device for identifying legality of website service
CN111935075A (en) Block chain-based digital identity signing and issuing method, equipment and medium
CN109510802B (en) Authentication method, device and system
TWI796675B (en) Blockchain-based identity verification method and related hardware
CN108156119B (en) Login verification method and device
CN108200014B (en) Method, device and system for accessing server by using intelligent key device
CN112688773A (en) Token generation and verification method and device
CN113497709A (en) Trusted data source management method based on block chain, signature device and verification device
CN113312664B (en) User data authorization method and user data authorization system
CN103095704A (en) Trusted medium online validation method and device
CN113472790A (en) Information transmission method based on HTTPS (hypertext transfer protocol secure protocol), client and server
CN111917536A (en) Identity authentication key generation method, identity authentication method, device and system
CN114666168A (en) Decentralized identity certificate verification method and device, and electronic equipment
CN115065542A (en) Permission verification method and device, processor and electronic equipment
CN111079157A (en) Secret fragmentation trusteeship platform based on block chain, equipment and medium
US20060200667A1 (en) Method and system for consistent recognition of ongoing digital relationships
CN112039857B (en) Calling method and device of public basic module
CN111625815B (en) Data transaction method and device based on trusted execution environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination