CN115801275A - API interface encryption signature method - Google Patents


Info

Publication number
CN115801275A
Authority
CN
China
Prior art keywords
interface
character string
current
request
steps
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211464423.XA
Other languages
Chinese (zh)
Inventor
段成阁
仇海燕
何剑波
吴兴德
黄喆
王海啸
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Longxin Information Technology Co ltd
SUZHOU INDUSTRIAL PARK SUBOFFICE OF SUZHOU PUBLICSECURITY BUREAU
Original Assignee
Suzhou Longxin Information Technology Co ltd
SUZHOU INDUSTRIAL PARK SUBOFFICE OF SUZHOU PUBLICSECURITY BUREAU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an API interface encryption signature method in the technical field of API interface transmission. The method comprises the following steps: obtaining the Params transmitted by the interface in advance, deep-copying them and deleting null attributes; adding specific attributes to form an object, converting the object into a character string and removing special characters; sorting according to ASCII codes; performing MD5 encryption on the resulting character string and adding it to the Headers, which comprise at least a first Sign value, for transmission to the interface provider; and the interface provider verifying the signature after receiving the response. The signature prevents a third party from maliciously calling the interface and guarantees the reliability of the information source; it also prevents tampering, so that the request headers, query string or body cannot be modified in transit; the anti-replay measures prevent an intercepted request from being reused; and the encryption protects the data, so that information security is ensured throughout interface data transmission.

Description

API interface encryption signature method
Technical Field
The invention relates to the technical field of API (application program interface) transmission, in particular to an API encryption signature method.
Background
The interface of a Web server is generally requested over HTTP or HTTPS. GET and POST are the two basic HTTP request methods: GET carries its parameters in plaintext in the URL, POST transmits them in the request body, and packet-capture software can directly capture the URL and the request parameters of either.
At present, ordinary HTTP-based requests and responses can all be intercepted, tampered with and replayed (retransmitted). For an application deployed on a wide area network, all of its exposed interfaces can be scanned by IP address or domain name, the parameters analysed and the program injected; a third party can steal interface data through network monitoring or other means and maliciously or fraudulently repeat a valid API request over and over, so the safety coefficient is low.
An effective solution to the problems in the related art has not been proposed yet.
Disclosure of Invention
Aiming at the problems in the related art, the invention provides an API interface encryption signature method to overcome the technical problems in the prior related art.
The technical scheme of the invention is realized as follows:
an API interface encryption signature method comprises the following steps:
step S1, obtaining the Params transmitted by an interface in advance, deep-copying them, and deleting null attributes;
S2, adding specific attributes to form an object, converting the object into a character string, and removing special characters;
S3, sorting according to ASCII (American Standard Code for Information Interchange) codes;
S4, performing MD5 (Message-Digest Algorithm 5) encryption on the resulting character string, adding the encrypted character string to the Headers, and transmitting it to the interface provider, wherein the Headers comprise at least a first Sign value;
and S6, the interface provider verifying the signature after receiving the response.
Wherein the interface provider verifying the signature after receiving the response comprises the following steps:
step S601, the interface provider receives the request parameters and encrypts them to obtain a second Sign value, wherein:
step S602, if the current first Sign value is the same as the current second Sign value, the current request parameters have not been tampered with and access is allowed.
Wherein the interface provider verifying the signature after receiving the response further comprises the following steps:
step S601, the interface provider receives the request parameters and encrypts them to obtain a second Sign value, wherein:
step S603, if the current first Sign value differs from the current second Sign value, the current request parameters have been tampered with and the request is invalid.
Wherein adding the specific attributes comprises adding one or more of: Token, Key, Authorization and Request ID.
Wherein converting the formed object into a character string comprises the following step:
step S201, adding the Key and the Token, and adding a Request ID assembled from a timestamp and a random number.
Wherein adding the Key comprises the following step:
step S202, the interface caller and the interface provider agree on a parameter encryption algorithm in advance.
Wherein the interface provider verifying the signature after receiving the response further comprises the following steps:
step S604, the interface provider verifies whether the current timestamp is within the allowed time range and whether the interface has been replayed multiple times, wherein:
step S605, if the current timestamp is within the allowed time range and the interface has not been replayed multiple times, access is allowed;
step S606, if the current timestamp is not within the allowed time range and the interface has been replayed multiple times, the request is invalid.
The invention has the beneficial effects that:
the API interface encryption signature method obtains the Params transmitted by an interface in advance, deep-copies them, deletes null attributes, adds specific attributes to form an object, converts the object into a character string, removes special characters, sorts according to ASCII codes, performs MD5 encryption on the resulting character string, adds it to the Headers for transmission to the interface provider, and has the interface provider verify the signature after receiving the response, thereby realizing an encrypted interface signature.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a schematic flowchart of an API interface cryptographic signature method according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived from the embodiments of the present invention by a person skilled in the art, are within the scope of the present invention.
According to an embodiment of the invention, an API interface encryption signature method is provided.
As shown in fig. 1, the API interface encryption signing method according to the embodiment of the present invention includes the following steps:
step S1, obtaining the Params transmitted by an interface in advance, deep-copying them, and deleting null attributes;
S2, adding specific attributes to form an object, converting the object into a character string, and removing special characters;
S3, sorting according to ASCII codes;
S4, performing MD5 encryption on the resulting character string and adding it to the Headers for transmission to the interface provider, wherein the Headers comprise at least a first Sign value;
and S6, the interface provider verifying the signature after receiving the response.
By means of this scheme, in order to guarantee data security when the API is called, the interface caller and the interface provider define a uniform parameter encryption algorithm: encryption prevents the data from being read correctly by others, and the signature guarantees that the data has not been modified. The interface is signed before the data are submitted, the signature is placed in the Headers for transmission, and the signature algorithm adds specific attributes in an agreed format, so that the reliability of the information source is guaranteed and disguised attacks by a third party are prevented.
In addition, the interface provider verifying the signature after receiving the response comprises the following steps:
step S601, the interface provider receives the request parameters and encrypts them to obtain a second Sign value.
According to this technical scheme, the parameters to be transmitted are sent to the interface provider together with the first Sign value placed in the Headers. After receiving the response, the interface provider verifies the signature by encrypting the request parameters in the same way to obtain a second Sign value, as follows:
step S602, if the current first Sign value is the same as the current second Sign value, the current request parameters have not been tampered with and access is allowed;
step S603, if the current first Sign value differs from the current second Sign value, the current request parameters have been tampered with and the request is invalid.
By means of this scheme, if the current first Sign value is the same as the current second Sign value, the parameters have not been tampered with, a secure request to the backend is achieved, and the identities of the server and the client are guaranteed.
Wherein adding the specific attributes comprises adding one or more of: Token, Key, Authorization and Request ID.
Wherein converting the formed object into a character string comprises the following step:
step S201, adding the Key and the Token, and adding a Request ID assembled from a timestamp and a random number.
Wherein adding the Key comprises the following step:
step S202, the interface caller and the interface provider agree on a parameter encryption algorithm in advance.
Wherein the interface provider verifying the signature after receiving the response further comprises the following step:
step S604, the interface provider verifies whether the current timestamp is within the allowed time range and whether the interface has been replayed multiple times.
According to this technical scheme, the Request IDs spliced together from a timestamp and a random number differ from one request to the next; the interface provider verifies whether the timestamp is within the allowed time range and judges whether the interface has been replayed multiple times, specifically as follows:
step S605, if the current timestamp is within the allowed time range and the interface has not been replayed multiple times, access is allowed;
step S606, if the current timestamp is not within the allowed time range and the interface has been replayed multiple times, the request is invalid.
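The caller-side signing (steps S1 to S4, S201) and the provider-side verification (S601 to S606) described above, as an added Python example that is not part of the patent. The JSON serialization, the reading of step S3 as sorting parameter names in ASCII order, the reading of "removing special characters" as keeping only letters and digits, the header names Token/RequestId/Sign, the 300-second window and all sample values are assumptions made here.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Tuple

# Constructed values, not from the patent. The Key is the secret agreed in
# advance between caller and provider (step S202) and never travels on the wire.
SHARED_KEY = "example-shared-key"
TOKEN = "caller-token-001"
WINDOW_SECONDS = 300            # allowed timestamp range (assumed value)
SEEN_REQUEST_IDS = set()        # replay cache; a real service bounds and expires it


def build_sign(params: dict, token: str, key: str, request_id: str) -> str:
    """Steps S1 to S4: deep copy, drop null attributes, add Token/Key/Request ID,
    serialize with keys in ASCII order, strip special characters, MD5 digest."""
    obj = {k: v for k, v in json.loads(json.dumps(params)).items() if v is not None}
    obj.update({"Key": key, "RequestId": request_id, "Token": token})
    text = json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=True)
    cleaned = "".join(c for c in text if c.isalnum())  # assumed reading of "special characters"
    return hashlib.md5(cleaned.encode("utf-8")).hexdigest()


def sign_request(params: dict, now: Optional[float] = None) -> Tuple[dict, dict]:
    """Caller side: return (params, headers). The headers carry the first Sign
    value plus the Token and Request ID the provider needs to recompute it."""
    ts = int(now if now is not None else time.time())
    request_id = f"{ts}-{secrets.token_hex(8)}"   # timestamp + random number (S201)
    headers = {
        "Token": TOKEN,
        "RequestId": request_id,
        "Sign": build_sign(params, TOKEN, SHARED_KEY, request_id),
    }
    return params, headers


def verify_request(params: dict, headers: dict, now: Optional[float] = None) -> Tuple[bool, str]:
    """Provider side (S601 to S606): recompute the second Sign value over the
    received parameters, then enforce the timestamp window and the replay cache."""
    request_id = headers.get("RequestId", "")
    try:
        ts = int(request_id.split("-", 1)[0])
    except ValueError:
        return False, "malformed Request ID"
    second_sign = build_sign(params, headers.get("Token", ""), SHARED_KEY, request_id)
    # Constant-time comparison so the check itself leaks nothing about the digest.
    if not hmac.compare_digest(second_sign, headers.get("Sign", "")):
        return False, "tampered: Sign mismatch"            # S603
    current = now if now is not None else time.time()
    if abs(current - ts) > WINDOW_SECONDS:
        return False, "timestamp outside allowed range"    # S606 (either condition rejects)
    if request_id in SEEN_REQUEST_IDS:
        return False, "replayed Request ID"                # S606
    SEEN_REQUEST_IDS.add(request_id)                       # remember it for replay detection
    return True, "allowed"                                 # S602 / S605


if __name__ == "__main__":
    body, hdrs = sign_request({"user": "alice", "amount": 100, "memo": None})
    print(verify_request(body, hdrs))                    # (True, 'allowed')
    print(verify_request(body, hdrs))                    # same Request ID again: rejected
    print(verify_request(dict(body, amount=999), hdrs))  # tampered body: rejected
```

The Key is the only secret in the scheme, so the MD5 over a string that merely embeds it is a keyed hash by concatenation; a deployment gets the same anti-tamper property from a standard HMAC (the citing application CN116865980A already moves to SHA-256), and the replay cache must be bounded and shared across all provider instances.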
In summary, according to the technical scheme of the present invention, the Params transmitted by the interface is obtained in advance to perform deep copy, the null attribute is deleted, the specific attribute is added to form the object, the object is converted into the character string, the special characters are removed, the character string is sequenced according to the ASCII code, the MD5 encryption is performed on the obtained character string, the obtained character string is added to the Headers to be transmitted to the interface provider, and the interface provider checks the signature after receiving the response, so as to implement the interface encryption signature.
While the foregoing is directed to the preferred embodiment of the present invention, other and further embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (7)

1. An API (application program interface) encryption signature method, characterized by comprising the following steps:
obtaining the Params transmitted by an interface in advance, deep-copying them, and deleting null attributes;
adding specific attributes to form an object, converting the object into a character string, and removing special characters;
sorting according to ASCII codes;
performing MD5 encryption on the resulting character string and adding it to the Headers for transmission to the interface provider, wherein the Headers comprise at least a first Sign value;
and the interface provider verifying the signature after receiving the response.
2. The API interface encryption signature method of claim 1, wherein the interface provider verifying the signature after receiving the response comprises the following steps:
the interface provider receives the request parameters and encrypts them to obtain a second Sign value, wherein:
if the current first Sign value is the same as the current second Sign value, the current request parameters have not been tampered with and access is allowed.
3. The API interface encryption signature method of claim 1, wherein the interface provider verifying the signature after receiving the response comprises the following steps:
the interface provider receives the request parameters and encrypts them to obtain a second Sign value, wherein:
if the current first Sign value differs from the current second Sign value, the current request parameters have been tampered with and the request is invalid.
4. The API interface encryption signature method of claim 1, wherein adding the specific attributes comprises adding one or more of: Token, Key, Authorization and Request ID.
5. The API interface encryption signature method of claim 4, wherein converting the formed object into a character string comprises the following step:
adding the Key and the Token, and adding a Request ID assembled from a timestamp and a random number.
6. The API interface encryption signature method of claim 5, wherein adding the Key comprises the following step:
the interface caller and the interface provider agree on a parameter encryption algorithm in advance.
7. The API interface encryption signature method of claim 6, wherein the interface provider verifying the signature after receiving the response further comprises the following steps:
the interface provider verifies whether the current timestamp is within the allowed time range and whether the interface has been replayed multiple times, wherein:
if the current timestamp is within the allowed time range and the interface has not been replayed multiple times, access is allowed;
and if the current timestamp is not within the allowed time range and the interface has been replayed multiple times, the request is invalid.

Priority Applications (1)

Application Number   Publication         Priority Date   Filing Date   Title                                       Status
CN202211464423.XA    CN115801275A (en)   2022-11-22      2022-11-22    API interface encryption signature method   Pending


Publications (1)

Publication Number Publication Date
CN115801275A true CN115801275A (en) 2023-03-14

Family

ID=85439930


Country Status (1)

Country Link
CN (1) CN115801275A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116865980A (en) * 2023-09-05 2023-10-10 杭州比智科技有限公司 Method and system for realizing tamper resistance by adding signature based on SHA-256 Hash algorithm interface



Legal Events

Code   Title
PB01   Publication
SE01   Entry into force of request for substantive examination