CN114979103A - Open API integration and management method and computer equipment - Google Patents
Open API integration and management method and computer equipment Download PDFInfo
- Publication number
- CN114979103A CN114979103A CN202210561137.9A CN202210561137A CN114979103A CN 114979103 A CN114979103 A CN 114979103A CN 202210561137 A CN202210561137 A CN 202210561137A CN 114979103 A CN114979103 A CN 114979103A
- Authority
- CN
- China
- Prior art keywords
- api
- user
- calling
- integration
- open
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000010354 integration Effects 0.000 title claims abstract description 46
- 238000007726 management method Methods 0.000 title claims abstract description 45
- 230000006870 function Effects 0.000 claims abstract description 47
- 238000000034 method Methods 0.000 claims abstract description 23
- 238000012544 monitoring process Methods 0.000 claims abstract description 19
- 238000005516 engineering process Methods 0.000 claims abstract description 15
- 239000008186 active pharmaceutical agent Substances 0.000 claims description 60
- 238000013507 mapping Methods 0.000 claims description 26
- 238000012360 testing method Methods 0.000 claims description 23
- 238000013475 authorization Methods 0.000 claims description 21
- 238000006243 chemical reaction Methods 0.000 claims description 12
- 230000007246 mechanism Effects 0.000 claims description 9
- 230000008569 process Effects 0.000 claims description 9
- 230000002776 aggregation Effects 0.000 claims description 7
- 238000004220 aggregation Methods 0.000 claims description 7
- 238000004422 calculation algorithm Methods 0.000 claims description 6
- 238000002955 isolation Methods 0.000 claims description 4
- 230000036541 health Effects 0.000 claims description 3
- 239000008358 core component Substances 0.000 abstract description 5
- 238000011161 development Methods 0.000 description 11
- 230000018109 developmental process Effects 0.000 description 11
- 230000006872 improvement Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 4
- 238000004806 packaging method and process Methods 0.000 description 4
- 238000012795 verification Methods 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 230000008676 import Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000011218 segmentation Effects 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 238000011144 upstream manufacturing Methods 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000006854 communication Effects 0.000 description 1
- 239000000306 component Substances 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000008451 emotion Effects 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 210000002569 neuron Anatomy 0.000 description 1
- 238000007781 pre-processing Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000007619 statistical method Methods 0.000 description 1
- 238000002560 therapeutic procedure Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0876—Aspects of the degree of configuration automation
- H04L41/0886—Fully automatic configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0889—Techniques to speed-up the configuration process
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/306—User profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Automation & Control Theory (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides an open API integration and management method and computer equipment, wherein the method comprises the following steps: the method comprises the steps of adopting a spring cloud micro-service technology to construct an open API integrated integration and management system, controlling calling authority of the API by taking an account as a unit, constructing an API open platform ecology, and using the spring cloud micro-service technology to register, discover and monitor services of an API gateway, an authorization center, a central console and a monitoring center. The invention can realize the unified registration and the standard calling of the API gateway, can realize the unified management, calling, logging and monitoring functions of the API based on the core components of the API gateway, a central console, an authorization center, a monitoring center, service registration, discovery and the like and all modules of other accessed digital systems, can also realize the integration and the automation workflow of the API through a platform, further exerts the capability intercommunication of an open platform and is better integrated into an open platform ecosphere.
Description
Technical Field
The invention belongs to the technical field of API, and particularly relates to an open API integration and management method and computer equipment.
Background
With the rapid development of technologies such as internet, internet of things, big data, cloud computing and the like, digitization and informatization have become irreversible times trend. The number of internal and external digital systems developed by different companies and organizations is also increasing in geometric level. Most digitization systems provide services based on restful apis through JSON, XML, and other unified formats.
With the continuous acceleration of the digitization process, information interaction is mostly realized among different systems through an API (application programming interface) on the premise of ensuring the independence of the systems. Since different systems belong to different companies or different development teams, and the provided APIs are difficult to keep consistent in terms of request and return specifications, most of the current open API integration is based on a unified gateway and is interfaced by manual configuration rules.
The prior art still has the following disadvantages:
interface access control: a unified user authentication and authorization mechanism is lacked, and only simple authentication of a gateway is relied on; the interfaces accessed are not distinguished according to the identity of a caller, and the consumption control is lacked; multi-tenant isolation is not realized, and the control granularity is thicker;
interface stability: the condition of call volume surge cannot be dealt with due to lack of a uniform fusing mechanism; a unified monitoring and alarming mechanism is lacked, and a related API provider cannot be informed to process at the first time;
configuration consistency: most API configuration is carried out manually, documents are often inconsistent with actual APIs in upgrading or changing, and the caller is difficult to debug; also because of manual configuration, easy misoperation causes the API to be unavailable
Advanced flow control function: the method lacks a uniform flow segmentation function, and cannot conveniently perform AB test and gray test; and a flow mirror mechanism is lacked, so that the real online flow environment cannot be simulated, and the API is difficult to be subjected to pressure test in advance.
Disclosure of Invention
In order to overcome the technical defects, the first aspect of the present invention provides an open API integration and management method, including the steps of:
an open API integration and management system is constructed by adopting a SpringCloud micro-service technology, and comprises the following steps: the system comprises an API gateway, a service registration and discovery module, a log collection module, a central console, an authorization center and a monitoring center;
the open API integration and management system controls the calling authority of the API by taking an account as a unit, and comprises the following steps: management services of the API;
based on a log tracking and service monitoring technology, fusing, logging and alarming capabilities based on API granularity are provided, support is provided for API integration and integration of a multi-source heterogeneous system, and an API open platform ecology is constructed;
performing service registration, discovery and monitoring on the API gateway, the authorization center, the central console and the monitoring center by using a SpringCloud micro-service technology;
adopting OAuth2.0 standard protocol as user identity authentication and right identification protocol;
managing the authority of the user through an IAM grammar-based resource strategy;
ensuring the legality and integrity of the API request through an Hmac-Sha256 message signature mechanism;
dynamic routing configuration of the API gateway and authority isolation of multiple tenants are achieved through the APISIX, and different client keys and client routers serve as access and signature vouchers;
generating a globally unique request id for each API access through a UUID code generation technology, wherein the request id is used for subsequent link tracking and log aggregation;
the method has the advantages that the rapid indexing and aggregation of the logs are realized through the ElasticSearch, and the near-real-time query and access statistical capability is provided; completing service registration and discovery through the ETCD;
running required information through a MySQL storage system;
the authorization code is cached by Redis to increase access speed.
As a further improvement of the invention, when the service is registered in the monitoring center, the monitoring center actively monitors according to the registered service list and the health check configuration of different services;
if each interface of the service center is effective, the service is normally provided to the outside;
and if the current state is invalid, the corresponding interface is fused temporarily, and a notification for repairing is sent to an interface provider.
As a further improvement of the invention, the invention also comprises the following steps:
dynamically binding the route, the function, the version and the API, and automatically associating the server of the route and the API through the module, the function and the version;
and flow control is carried out on the central console, and AB tests and gray level tests among different functions as well as version shunting and flow mirroring functions among the same functions are supported.
As a further improvement of the invention, the API calling process comprises the following steps:
the client sends an http request or an https request to the APISIX gateway;
the APSIX gateway splits the module, the function and the version according to the routing path and calls an external API;
mapping configuration and conversion of parameters are carried out according to interface specifications, http requests or http requests are forwarded to call real APIs, and results are returned to an APISIX gateway;
the API gateway records the request content, counts the access time and outputs a diary for collection;
and sending the return result to the client through the APISIX gateway.
As a further improvement of the present invention, the step of mapping configuration and conversion of parameters according to the interface specification includes the steps of:
a user accesses a required API on an open platform;
a user creates parameter mapping configuration corresponding to the API in an open platform background, and mapping of a return state, a return code and a JSON data Key is carried out;
and when the system is actually called, the central console performs one-to-one parameter mapping conversion according to the mapping configuration of the parameters.
As a further improvement of the invention, the invention also comprises the following steps of carrying out authorization authentication on the user:
a user registers an account number on an API open platform;
the user carries out account authentication in a developer background and confirms that the platform developer or the capability caller is formed;
the central console informs an authorization center to distribute a client key and a client secret for the user;
the user obtains the authorization code in the background of the developer, wherein the client key is the client id of the authentication authorization, and the client secret is the password of the authentication authorization.
As a further improvement of the present invention, the present invention further comprises the step of the user purchasing the API:
a user submits an API purchase order on the API open platform and finishes payment;
the central console binds the client key of the user and the purchased API resources in the service registration in the discovery module;
the central console sets a calling amount according to the API calling amount purchased by the user, and if the calling amount is synchronous with the API calling amount, the central console sends the calling amount to the authorization center and the monitoring center;
and sending a notice that the API authority is opened to the user, and calling the purchased API by using the client key and the client secret by the user.
As a further improvement of the invention, the invention also comprises an authentication and authentication step for completing the calling of the API by the user:
the user uses the client key and the client secret to call the calling method, the calling time, the requested parameters and the API address, and calls the API after using the Hmac-Sha256 algorithm signature;
the authorization center acquires a corresponding client secret according to the client key, and performs signature authentication by using the same Hmac-Sha256 algorithm;
if the signature calculated by the authorization center is consistent with the signature sent by the user, verifying whether the client key has the right to call the corresponding API interface again;
if no corresponding authority exists, the APISIX gateway is informed to return error information, and the calling is finished;
and if the corresponding authority exists, performing mapping configuration and conversion of parameters according to the interface specification, calling a real API, returning time through an APISIX gateway, and ending calling.
As a further development of the invention, the automated working stream comprises:
a user manually triggers a workflow or automatically triggers a workflow meeting conditions;
the central console accesses the appointed APIs in sequence according to the configuration of the workflow;
the result output of the former API access is converted into the request input of the next API access through parameter mapping;
and after the calling of all the APIs is completed, informing the user of the workflow execution condition.
In a second aspect of the present invention, the present invention provides a computer device, which is characterized in that the computer device includes a processor and a memory, where the memory stores at least one instruction, at least one program, a code set, or a set of instructions, and the at least one instruction, at least one program, a code set, or a set of instructions is loaded and executed by the processor to implement the above-mentioned open API integration and management method.
Compared with the prior art, the invention has the following beneficial effects:
1. for the platform administrator: because the API interfaces provided by the digital systems are various in types, calling modes, parameter configuration and interface specifications are all different, the workload is large and errors are easy to occur in the original manual configuration mode, and the log and monitoring capability is realized by each system, so that the specific use condition cannot be monitored in real time. By the open API integration and management method, unified registration and standard calling of the API gateway are realized, and the API calling condition and the upstream service running state can be monitored in real time through the log collection and monitoring center.
2. For the API facilitator: the open API integration and management method provides basic services which are rich in functions and closed-loop around the API, a service provider can quickly access the API through various capabilities provided by the platform, unified registration, release, test, version management, logging and monitoring functions of the API are achieved, the whole process of integration, development and deployment is covered, development cost is saved, and development efficiency is improved. Meanwhile, based on the advanced flow control capability (flow splitting and flow mirroring), the AB test, the gray test and the online pressure test of a new interface can be completed conveniently. In addition, the integrity, consistency and legality of data in the interface calling process can be ensured on the premise of ensuring high performance through the perfect identity authentication and authorization management functions of the API gateway.
3. For API callers: the open API integration and management method provides unified packaging capability for core components such as an API gateway, a central console, an authorization center, a monitoring center, service registration and discovery and the like, and unified packaging capability for external functions of different digital systems, provides open interface service to the outside in an API form, and provides standardized, servitized and modularized infrastructure for API callers. Based on the configuration parameter mapping and the interface specification, the consistency of the on-line API and the document can be ensured. Based on the core components of the API gateway, the central console, the authorization center, the monitoring center, the service registration and discovery and the like and the modules of other accessed digital systems, the unified management, calling, logging and monitoring functions of the API can be realized, the API integration and automation workflow can also be realized through the platform, the capability intercommunication of the open platform is further exerted, and the open platform ecosphere is better integrated.
Drawings
Embodiments of the invention are described in further detail below with reference to the attached drawing figures, wherein:
fig. 1 is a schematic diagram of a technical framework of the open API integration and management method according to embodiment 1;
FIG. 2 is a diagram showing dynamic binding of route-module-function-version-external API-real API in embodiment 1;
FIG. 3 is a flowchart of automated workflow execution in example 1;
FIG. 4 is a flowchart of account registration and API purchase in embodiment 1;
FIG. 5 is API usage control parameters in example 1;
FIG. 6 is a flowchart for verifying the authorization of a call in embodiment 1;
FIG. 7 is a diagram of an API requesting signature verification parameters in embodiment 1;
fig. 8 is a schematic structural diagram of the computer device according to embodiment 2.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
Example 1
The embodiment provides an open API integration and management method, which comprises the following steps:
an open API integration and management system is constructed by using a spring cloud micro-service technology, as shown in fig. 1, the open API integration and management system includes: the system comprises an API gateway, a service registration and discovery module, a log collection module, a central console, an authorization center and a monitoring center;
the open API integration and management system controls the calling authority of the API by taking an account as a unit, and comprises the following steps: management services of the API;
based on the log tracking and service monitoring technology, fusing, log and alarm capabilities based on API granularity are provided, and support is provided for API integration and integration of a multi-source heterogeneous system;
performing service registration, discovery and monitoring on the API gateway, the authorization center, the central console and the monitoring center by using a SpringCloud micro-service technology;
adopting OAuth2.0 standard protocol as user identity authentication and right identification protocol;
the authority of the user is managed by a unified mechanism through an IAM grammar-based resource strategy, so that the difficulty of authority configuration can be reduced while the authority control of a complex scene is considered;
ensuring the legality and integrity of the API request through an Hmac-Sha256 message signature mechanism;
dynamic routing configuration of the API gateway is isolated from the authority of multiple tenants through the APISIX, and different client keys and client routers are used as access and signature certificates, so that the safety of service calling is ensured;
generating a globally unique request id for each API access through a UUID code generation technology, wherein the request id is used for subsequent link tracking and log aggregation;
the method has the advantages that the rapid indexing and aggregation of the logs are realized through the ElasticSearch, and the near-real-time query and access statistical capability is provided; completing service registration and discovery through the ETCD;
running required information through a MySQL storage system;
the authorization code is cached by Redis to increase access speed.
Specifically, the management services of the API include:
a) API import: a platform administrator or an API service provider can import an API interface description file which conforms to the OpenAPI 3.0 specification into a platform;
b) API creation: a platform administrator inputs an externally provided API into a platform according to steps;
c) API checking: the API format can be automatically checked, namely whether the actual calling method, parameter type, format and the like of the API are consistent with the document description or not;
d) and (3) API shelving: the API service provider accesses the developed API through the platform and puts the developed API into the API market according to the steps;
e) and (4) API release: a platform administrator or an API facilitator releases the API recorded in the platform to the outside, and formally provides an API call service to the outside, as shown in fig. 2;
f) API debugging: providing an online test tool, and debugging a specific API through a visual interface;
g) version of API: a plurality of different versions can be set for the created or built API, and the specific requirements of different scenes, such as development, testing, customized versions and the like, are met;
h) and (3) API offline: the published API can be offline processed, and the API calling service provided externally is stopped;
i) API export: the API may be exported as a JSON/YAML configuration file in a form that conforms to the OpenAPI 3.0 specification;
j) API purchase: APIs that are shelved by API facilitators may be purchased in the API marketplace;
k) fusing an API: when the situation of flow surge or unstable service occurs, a unified fusing mechanism is provided, and the influence on a larger range on a service system is avoided;
l) API traffic splitting: flow splitting can be carried out by taking API as a unit so as to meet the requirements of AB test, gray test and the like;
m) API traffic mirroring: flow mirroring can be performed by taking API as a unit, and pressure testing can be performed on an interface with a large calling amount based on the function simulation on-line flow;
n) API monitoring: providing a globally uniform API monitoring function, and realizing real-time monitoring only by accessing an open platform;
o) API Log: providing a globally uniform API log function, and realizing called link tracking only by accessing an open platform;
p) API statistics: providing a globally uniform API statistical function, and realizing a basic API call statistical analysis function only by accessing an open platform;
q) API automation workflow: the capability of integration based on the existing APIs is provided, the platform can automatically complete flow calling according to the specified steps, and the APIs of different systems are integrated into the same workflow, as shown in FIG. 3.
In the above embodiment, when the service is registered in the monitoring center, the monitoring center performs active monitoring according to the registered service list and the health check configuration of different services;
if each interface of the service center is effective, the service is normally provided to the outside;
and if the current state is invalid, the corresponding interface is fused temporarily, and a notification for repairing is sent to an interface provider.
In addition, the present embodiment further includes the steps of:
dynamically binding the route, the function, the version and the API, and automatically associating the server of the route and the API through the module, the function and the version;
and flow control is carried out on the central console, and AB tests and gray level tests among different functions as well as version shunting and flow mirroring functions among the same functions are supported.
The specific descriptions of routing, functions, versions and APIs are as follows:
routing: and distinguishing the path identification through letters and separators, and managing the real API service information.
A module: and modules of the API product are divided, extensible management of module information is realized, and different modules are responsible for different fields, such as data preprocessing, machine learning and the like.
The functions are as follows: the system is responsible for dividing specific functions in the module, namely API capability encapsulation with the finest granularity, and different functions correspond to different APIs, such as word segmentation, aggregation, emotion analysis, information extraction and the like.
Version: the video processing method is responsible for dividing versions with specific functions to realize videos with different scenes and requirements, and the different versions can correspond to scenes such as development, testing, customization, function upgrading and the like.
External API: and realizing API interface proxy, and realizing interface service forwarding of the real API by binding with the module-function-version. In fig. 2, the external API refers to an API interface service that provides services through an API ix gateway, and the real API refers to an API interface service provided by a background of each module.
Specifically, the API calling process includes the steps of:
the client sends an http request or an https request to the APISIX gateway;
the APSIX gateway splits the module, the function and the version according to the routing path and calls an external API;
mapping configuration and conversion of parameters are carried out according to interface specifications, http requests or http requests are forwarded to call real APIs, and results are returned to an APISIX gateway;
the API gateway records request content, counts access time and outputs a diary for collection;
and sending the return result to the client through the APISIX gateway.
Compared with the existing API calling scheme, the performance can be improved by more than 5 times by adopting the APISIX, and additional functions such as configuration rollback, plug-in hot update, high availability of a configuration center and the like can be supported.
Specifically, the step of performing mapping configuration and conversion of parameters according to the interface specification includes the steps of:
a user accesses a required API on an open platform;
a user creates parameter mapping configuration corresponding to the API in an open platform background, and mapping of a return state, a return code and a JSON data Key is carried out;
and when the system is actually called, the central console performs one-to-one parameter mapping conversion according to the mapping configuration of the parameters.
Further, the embodiment further includes a step of performing authorization authentication on the user:
a user registers an account number on an API open platform;
the user carries out account authentication in a developer background and confirms to become a platform developer or a capability caller;
the central console informs an authorization center to distribute a client key and a client secret for the user;
the user obtains the authorization code in the background of the developer, wherein the client key is the client id of the authentication authorization, and the client secret is the password of the authentication authorization.
Compared with the prior common user authorization authentication scheme, the method provided by the invention can support the OAuth2.0 standard protocol, the hmac verification and the JsonWebToken verification, thereby providing the user with the maximum use flexibility and greatly reducing the limitation condition of system access.
As shown in fig. 4, the present embodiment further includes a step of the user purchasing the API:
a user submits an API purchase order on the API open platform and finishes payment;
the central console binds the client key of the user and the purchased API resources in the service registration in the discovery module;
the central console sets a calling amount according to the API calling amount purchased by the user, and the calling amount is synchronized to the authorization center and the monitoring center as shown in FIG. 5;
and sending a notice that the API authority is opened to the user, and calling the purchased API by using the client key and the client secret by the user.
In the step of purchasing the API, the automatic allocation and acquisition of the account information are realized, and the user can obtain a unique account authorization code (client key) after completing the corresponding identity authentication.
As shown in fig. 6 and fig. 7, the present embodiment further includes an authentication and authentication step for completing the API call by the user:
the user uses the client key and the client secret to call the calling method, the calling time, the requested parameters and the API address, and calls the API after using the Hmac-Sha256 algorithm signature;
the authorization center obtains a corresponding client secret according to the client key, signature authentication is carried out by using the same Hmac-Sha256 algorithm, request interaction among systems can be reduced by the authentication method based on the Hmac-Sha256, the complexity is reduced, the performance is greatly improved, and the integrity and the safety of the request in the communication process can be ensured;
if the signature calculated by the authorization center is consistent with the signature sent by the user, verifying whether the client key has the right to call the corresponding API interface again;
if no corresponding authority exists, the APISIX gateway is informed to return error information, and the calling is finished;
and if the corresponding authority exists, performing mapping configuration and conversion of parameters according to the interface specification, calling a real API, returning time through an APISIX gateway, and ending calling.
Through the steps, the method for carrying out request signature on the API call in a standardized way is realized, and the completeness, consistency and legality of the call are ensured.
As shown in fig. 3, the automated workflow includes:
a user manually triggers a workflow or automatically triggers a workflow meeting conditions;
the central console accesses the appointed APIs in sequence according to the configuration of the workflow;
the result output of the former API access is converted into the request input of the next API access through parameter mapping;
and after the calling of all the APIs is completed, informing the user of the workflow execution condition.
Furthermore, in the embodiment, the account is used as a tenant for permission isolation, and enterprises, service providers and individual developers can only use the API purchased by the corresponding account, and only after the purchase is completed, the account is added into a white list of the corresponding API, so that the call can be performed. For the API developer, the calling method and the charging mode of the API can be configured and the authorized called account can be managed according to the requirement.
In the specific implementation process, a closed-loop API integration and management system is established first, and a user registers, purchases and calls on an API open platform.
In summary, the present embodiment has the following beneficial effects:
1. for the platform administrator: because the API interfaces provided by the digital systems are various in types, calling modes, parameter configuration and interface specifications are all different, the workload is large and errors are easy to occur in the original manual configuration mode, and the log and monitoring capability is realized by each system, so that the specific use condition cannot be monitored in real time. By the open API integration and management method, unified registration and standard calling of the API gateway are realized, and the API calling condition and the upstream service running state can be monitored in real time through the log collection and monitoring center.
2. For the API facilitator: the open API integration and management method provides basic services which are rich in functions and closed-loop around the API, a service provider can quickly access the API through various capabilities provided by the platform, unified registration, release, test, version management, logging and monitoring functions of the API are achieved, the whole flow of integration, development and deployment is covered, development cost is saved, and development efficiency is improved. Meanwhile, based on the advanced flow control capability (flow splitting and flow mirroring), the AB test, the gray test and the online pressure test of a new interface can be completed conveniently. In addition, the integrity, consistency and legality of data in the interface calling process can be ensured on the premise of ensuring high performance through the perfect identity authentication and authorization management functions of the API gateway.
3. For API callers: the open API integration and management method provides unified packaging capability for core components such as an API gateway, a central console, an authorization center, a monitoring center, service registration and discovery and the like, and unified packaging capability for external functions of different digital systems, provides open interface service to the outside in an API form, and provides standardized, servitized and modularized infrastructure for API callers. Based on the configuration parameter mapping and the interface specification, the consistency of the on-line API and the document can be ensured. Based on the core components of the API gateway, the central console, the authorization center, the monitoring center, the service registration and discovery and the like and the modules of other accessed digital systems, the unified management, calling, logging and monitoring functions of the API can be realized, the API integration and automation workflow can also be realized through the platform, the capability intercommunication of the open platform is further exerted, and the open platform ecosphere is better integrated.
Example 2
The present embodiment provides a computer device, as shown in fig. 8, the computer device includes a processor and a memory, the memory stores at least one instruction, at least one program, a code set, or a set of instructions, and the at least one instruction, the at least one program, the code set, or the set of instructions is loaded and executed by the processor to implement the event context analysis method of embodiment 1.
The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc.
The memory may be used to store computer programs or modules, and the processor may implement various functions of the mirror neuron therapy-based auxiliary terminal device by executing or executing the computer programs or modules stored in the memory and calling data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
The present invention is not intended to be limited to the particular embodiments shown and described, but is to be accorded the widest scope consistent with the principles and novel features herein disclosed.
Claims (10)
1. An open API integration and management method is characterized by comprising the following steps:
an open API integration and management system is constructed by adopting a SpringCloud micro-service technology, and comprises the following steps: the system comprises an API gateway, a service registration and discovery module, a log collection module, a central console, an authorization center and a monitoring center;
the open API integration and management system controls the calling authority of the API by taking an account as a unit, and comprises the following steps: management services of the API;
based on a log tracking and service monitoring technology, fusing, logging and alarming capabilities based on API granularity are provided, support is provided for API integration and integration of a multi-source heterogeneous system, and an API open platform ecology is constructed;
performing service registration, discovery and monitoring on the API gateway, the authorization center, the central console and the monitoring center by using a SpringCloud micro-service technology;
adopting OAuth2.0 standard protocol as user identity authentication and right identification protocol;
managing the authority of the user through an IAM grammar-based resource strategy;
ensuring the legality and integrity of the API request through an Hmac-Sha256 message signature mechanism;
dynamic routing configuration of the API gateway and authority isolation of multiple tenants are achieved through the APISIX, and different client keys and client routers serve as access and signature vouchers;
generating a globally unique request id for each API access through a UUID code generation technology, wherein the request id is used for subsequent link tracking and log aggregation;
the method has the advantages that the rapid indexing and aggregation of the logs are realized through the ElasticSearch, and the near-real-time query and access statistical capability is provided; completing service registration and discovery through the ETCD;
running required information through a MySQL storage system;
the authorization code is cached by Redis to increase access speed.
2. The open API integration and management method of claim 1, wherein when a service is registered in the monitoring center, the monitoring center performs active monitoring according to the registered service list and health check configuration of different services;
if each interface of the service center is effective, the service is normally provided to the outside;
and if the current state is invalid, the corresponding interface is fused temporarily, and a notification for repairing is sent to an interface provider.
3. The open API integration and management method according to claim 1, further comprising the steps of:
dynamically binding the route, the function, the version and the API, and automatically associating the server of the route and the API through the module, the function and the version;
and flow control is carried out on the central console, and AB tests and gray level tests among different functions as well as version shunting and flow mirroring functions among the same functions are supported.
4. The open API integration and management method according to claim 1, wherein the API calling process comprises the steps of:
the client sends an http request or an https request to the APISIX gateway;
the APSIX gateway splits the module, the function and the version according to the routing path and calls an external API;
mapping configuration and conversion of parameters are carried out according to interface specifications, http requests or http requests are forwarded to call real APIs, and results are returned to an APISIX gateway;
the API gateway records the request content, counts the access time and outputs a diary for collection;
and sending the return result to the client through the APISIX gateway.
5. The open API integration and management method according to claim 4, wherein said step of mapping configuration and conversion of parameters according to interface specifications comprises the steps of:
a user accesses a required API on an open platform;
a user creates parameter mapping configuration corresponding to the API in an open platform background, and mapping of a return state, a return code and a JSON data Key is carried out;
and when the system is actually called, the central console performs one-to-one parameter mapping conversion according to the mapping configuration of the parameters.
6. The open API integration and management method according to claim 1, further comprising the step of authenticating the user with authorization:
a user registers an account number on an API open platform;
the user carries out account authentication in a developer background and confirms to become a platform developer or a capability caller;
the central console informs an authorization center to distribute a client key and a client secret for the user;
the user obtains the authorization code in the background of the developer, wherein the client key is the client id of the authentication authorization, and the client secret is the password of the authentication authorization.
7. The open API integration and management method according to claim 1, further comprising the step of a user purchasing an API:
a user submits an API purchase order on the API open platform and finishes payment;
the central console binds the client key of the user and the purchased API resources in the service registration in the discovery module;
the central console sets a calling limit according to the API calling amount purchased by the user and synchronizes the calling limit to the authorization center and the monitoring center;
and sending a notice that the API authority is opened to the user, and calling the purchased API by using the client key and the client secret by the user.
8. The open API integration and management method of claim 5 further comprising the step of completing authentication and certification of the user calling the API:
the user uses the client key and the client secret to call the calling method, the calling time, the requested parameters and the API address, and calls the API after using the Hmac-Sha256 algorithm signature;
the authorization center acquires a corresponding client secret according to the client key, and performs signature authentication by using the same Hmac-Sha256 algorithm;
if the signature calculated by the authorization center is consistent with the signature sent by the user, verifying whether the client key has the right to call the corresponding API interface again;
if no corresponding authority exists, the APISIX gateway is informed to return error information, and the calling is finished;
and if the corresponding authority exists, performing mapping configuration and conversion of parameters according to the interface specification, calling a real API, returning time through an APISIX gateway, and ending calling.
9. The open API integration and management method of claim 1, wherein said automated workflow comprises:
a user manually triggers a workflow or automatically triggers a workflow meeting conditions;
the central console accesses the appointed APIs in sequence according to the configuration of the workflow;
the result output of the former API access is converted into the request input of the next API access through parameter mapping;
and after the calling of all the APIs is completed, informing the user of the workflow execution condition.
10. A computer device comprising a processor and a memory, wherein the memory has stored therein at least one instruction, at least one program, set of codes, or set of instructions that is loaded and executed by the processor to implement the open API integration and management method of any of claims 1 to 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210561137.9A CN114979103A (en) | 2022-05-19 | 2022-05-19 | Open API integration and management method and computer equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210561137.9A CN114979103A (en) | 2022-05-19 | 2022-05-19 | Open API integration and management method and computer equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114979103A true CN114979103A (en) | 2022-08-30 |
Family
ID=82985540
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210561137.9A Pending CN114979103A (en) | 2022-05-19 | 2022-05-19 | Open API integration and management method and computer equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114979103A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115695139A (en) * | 2022-12-29 | 2023-02-03 | 安徽交欣科技股份有限公司 | Method for enhancing micro-service system architecture based on distributed robust |
CN116401198A (en) * | 2023-06-08 | 2023-07-07 | 成都房联云码科技有限公司 | SM2 algorithm-based interface bus system |
CN117390105A (en) * | 2023-12-11 | 2024-01-12 | 中核武汉核电运行技术股份有限公司 | Service input method and system of industrial service open platform |
CN117457218A (en) * | 2023-12-22 | 2024-01-26 | 深圳市健怡康医疗器械科技有限公司 | Interactive rehabilitation training assisting method and system |
CN117632115A (en) * | 2023-10-17 | 2024-03-01 | 天翼数字生活科技有限公司 | Intelligent service integration method and system based on capacity base communication opening |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140331240A1 (en) * | 2012-01-20 | 2014-11-06 | Huawei Technologies Co., Ltd. | Method, device and system for using and invoking oauth api |
CN111176633A (en) * | 2020-01-15 | 2020-05-19 | 山东健康医疗大数据有限公司 | Open terminal based on modular service and third party access method thereof |
-
2022
- 2022-05-19 CN CN202210561137.9A patent/CN114979103A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140331240A1 (en) * | 2012-01-20 | 2014-11-06 | Huawei Technologies Co., Ltd. | Method, device and system for using and invoking oauth api |
CN111176633A (en) * | 2020-01-15 | 2020-05-19 | 山东健康医疗大数据有限公司 | Open terminal based on modular service and third party access method thereof |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115695139A (en) * | 2022-12-29 | 2023-02-03 | 安徽交欣科技股份有限公司 | Method for enhancing micro-service system architecture based on distributed robust |
CN116401198A (en) * | 2023-06-08 | 2023-07-07 | 成都房联云码科技有限公司 | SM2 algorithm-based interface bus system |
CN116401198B (en) * | 2023-06-08 | 2023-09-22 | 成都房联云码科技有限公司 | SM2 algorithm-based interface bus system |
CN117632115A (en) * | 2023-10-17 | 2024-03-01 | 天翼数字生活科技有限公司 | Intelligent service integration method and system based on capacity base communication opening |
CN117390105A (en) * | 2023-12-11 | 2024-01-12 | 中核武汉核电运行技术股份有限公司 | Service input method and system of industrial service open platform |
CN117390105B (en) * | 2023-12-11 | 2024-03-01 | 中核武汉核电运行技术股份有限公司 | Service input method and system of industrial service open platform |
CN117457218A (en) * | 2023-12-22 | 2024-01-26 | 深圳市健怡康医疗器械科技有限公司 | Interactive rehabilitation training assisting method and system |
CN117457218B (en) * | 2023-12-22 | 2024-03-05 | 深圳市健怡康医疗器械科技有限公司 | Interactive rehabilitation training assisting method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11281457B2 (en) | Deployment of infrastructure in pipelines | |
CN114979103A (en) | Open API integration and management method and computer equipment | |
CN111181727B (en) | Open API full life cycle management method based on micro service | |
EP3676744B1 (en) | System and method for providing an interface for a blockchain cloud service | |
US11182379B2 (en) | DAG based methods and systems of transaction processing in a distributed ledger | |
CN108415832B (en) | Interface automation test method, device, equipment and storage medium | |
US8533799B2 (en) | Service integration platform system and method for internet services | |
WO2020029375A1 (en) | Interface testing method and system, and computer device and storage medium | |
US11874827B2 (en) | System and method for automatic, rapid, and auditable updates of digital contracts | |
US20140075031A1 (en) | Separation of pod provisioning and service provisioning | |
WO2015100611A1 (en) | Network function virtualisation nfv fault management apparatus, device, and method | |
CN112311893B (en) | Cross-region, business and system data service middleware and data verification method | |
JP7453426B2 (en) | Network management systems, methods, devices and electronic equipment | |
US20210226929A1 (en) | Techniques for transferring data across air gaps | |
CN111694743A (en) | Service system detection method and device | |
US20200302034A1 (en) | Systems and methods for transaction-based licensing | |
CN110362294A (en) | Development task executes method, apparatus, electronic equipment and storage medium | |
US11582345B2 (en) | Context data management interface for contact center | |
JP6382705B2 (en) | Virtual device test apparatus, virtual device test method, and virtual device test program | |
CN113810379A (en) | Exception handling method and multi-service system | |
CN112231109B (en) | Buffer resource management system, method and device | |
CN111367867B (en) | Log information processing method and device, electronic equipment and storage medium | |
CN114840384A (en) | U shield testing method and device, storage medium and electronic equipment | |
CN117911217A (en) | Government integrated capability center realization method and system | |
CN114968568A (en) | Method, device, equipment and computer readable medium for checking data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20220830 |