CN117852086A - Method and device for dynamically generating SDK (software development kit) based on API (application program interface) rights - Google Patents
Method and device for dynamically generating SDK (software development kit) based on API (application program interface) rights Download PDFInfo
- Publication number
- CN117852086A CN117852086A CN202410034400.8A CN202410034400A CN117852086A CN 117852086 A CN117852086 A CN 117852086A CN 202410034400 A CN202410034400 A CN 202410034400A CN 117852086 A CN117852086 A CN 117852086A
- Authority
- CN
- China
- Prior art keywords
- api
- sdk
- generating
- information
- rights
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 32
- 238000004590 computer program Methods 0.000 claims description 13
- 238000012795 verification Methods 0.000 claims description 3
- 238000004458 analytical method Methods 0.000 claims description 2
- 239000008186 active pharmaceutical agent Substances 0.000 abstract description 20
- 238000010586 diagram Methods 0.000 description 11
- 230000006870 function Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 230000005856 abnormality Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000013506 data mapping Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 239000003550 marker Substances 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
Embodiments of the present application provide methods, apparatus, devices, and computer-readable storage media for dynamically generating an SDK based on API rights. The method includes receiving an API access request; analyzing the API access request to obtain front-end API information; generating an SDK file according to the front-end API information; and calling a back-end API according to the SDK file. In this way, different API call authorities can be configured based on different users, and the users only need to pay attention to the authority API information, so that the need of searching APIs from a large number of APIs is avoided, the cost is saved, and the working efficiency is greatly improved.
Description
Embodiments of the present application relate to the field of data processing, and in particular, to a method, apparatus, device, and computer readable storage medium for dynamically generating an SDK based on API rights.
Background
Along with popularization of informatization, various platforms have more and more powerful functions, the number of APIs provided by the platforms is more and more, management is more and more complex, and the control of the application rights of the APIs is difficult to manage. To access the platform to call the API, the developer needs to read a large number of interface documents and find out interfaces suitable for himself from them, and takes much time to package the interfaces.
When the request parameters and paths of the API are mapped, it is difficult for the API user to find the real request path or parameter information of the API. For users without API rights, the acquired SDK information is very easy to cause potential safety hazard of the system.
Disclosure of Invention
According to the embodiment of the application, the scheme for dynamically generating the SDK based on the API authority is provided, different API calling authorities are configured based on different users, and the users only need to pay attention to the authority-containing API information, so that the need of searching a large number of APIs from the APIs is avoided, the cost is saved, and the working efficiency is greatly improved.
In a first aspect of the present application, a method for dynamically generating an SDK based on API rights is provided.
The method comprises the following steps:
receiving an API access request;
analyzing the API access request to obtain front-end API information;
generating an SDK file according to the front-end API information;
and calling a back-end API according to the SDK file.
Further, the front end API is mapped by the back end API.
Further, the generating the SDK file according to the front-end API information includes:
verifying the visitor permission through the constructed API permission list according to the front-end API information;
and if the verification is passed, generating a corresponding SDK file through the configured SDK template.
Further, the method further comprises the following steps:
and distributing the authority list of the API through the User-Key.
In a second aspect of the present application, an apparatus for dynamically generating an SDK based on API rights is provided.
The device comprises:
the receiving module is used for receiving the API access request;
the analysis module is used for analyzing the API access request to obtain front-end API information;
the generating module is used for generating an SDK file according to the front-end API information;
and the calling module is used for calling the back-end API according to the SDK file.
In a third aspect of the present application, an electronic device is provided. The electronic device includes: a memory and a processor, the memory having stored thereon a computer program, the processor implementing the method as described above when executing the program.
In a fourth aspect of the present application, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a method as according to the first aspect of the present application.
According to the method for dynamically generating the SDK based on the API authority, the API access request is received; analyzing the API access request to obtain front-end API information; generating an SDK file according to the front-end API information; according to the SDK file, calling a back-end API, and configuring different API calling authorities based on different users, wherein the users only need to pay attention to authority API information, so that searching of APIs required by the users from a large number of APIs is avoided; the SDKs of all users are different, so that the calling range of the API is ensured to be controllable.
It should be understood that the description in this summary is not intended to limit key or critical features of embodiments of the present application, nor is it intended to be used to limit the scope of the present application. Other features of the present application will become apparent from the description that follows.
Drawings
The above and other features, advantages and aspects of embodiments of the present application will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, wherein like or similar reference numerals denote like or similar elements, in which:
FIG. 1 is a flow chart of a method of dynamically generating an SDK based on API rights in accordance with an embodiment of the present application;
FIG. 2 is a front-end and back-end API information map according to an embodiment of the present application;
FIG. 3 is a flow chart of generating an SDK file according to an embodiment of the present application;
FIG. 4 is a schematic diagram of an SDK template directory structure according to an embodiment of the present application;
FIG. 5 is an API call flow diagram according to an embodiment of the present application;
FIG. 6 is a block diagram of an apparatus for dynamically generating an SDK based on API rights in accordance with an embodiment of the present application;
fig. 7 is a schematic structural diagram of a terminal device or a server suitable for implementing an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some embodiments of the present disclosure, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments in this disclosure without inventive faculty, are intended to be within the scope of this disclosure.
In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
Fig. 1 illustrates a flowchart of a method of dynamically generating an SDK based on API rights in accordance with an embodiment of the present disclosure. The method comprises the following steps:
s110, receiving an API access request.
Wherein the API access request is a front-end API access request; the front-end API generally refers to API information requested by a caller of the API; backend API information generally refers to real API information on a platform.
In some embodiments, prior to access, the following configuration is required:
configuration API and data mapping:
as shown in fig. 2, the front end API may be mapped through the back end API. Information for configuring front-end and back-end APIs, comprising: the request path of the front-end API and the request method of the front-end API, the name and the type of the front-end Header parameter, the name and the type of the front-end query parameter, the name and the type of the front-end Body parameter, the returned name and the returned type, and the like.
The HTTP request method of the front end and the back end comprises the following steps: post, get, put, patch, delete;
front-to-back end parameter position: query, body, head, path.
Further, after the configuration of the API information is completed, the version number of the API needs to be specified, each API has at least one API version number, and finally the configured information is stored, and when the information is stored, each API generates a unique primary key ID and a corresponding API name.
When the developer calls the API by using the SDK, any call is automatically accessed by the SDK with the version number, and only one version of the API is allowed to be used in the SDK, so that different versions of the API cannot be called through the same SDK. If a version parameter is provided in the message header of the request, the API will try to find the version corresponding to the API when calling; if not, prompting corresponding abnormality, such as 4xx abnormality; if the version parameter is not provided in the header of the request, trying to find the latest version of the published API.
Configuring user API rights:
and generating a User-Key and a User-Secret based on different users, and distributing an API authority list based on the User-Key.
User-Key and API can be associated in two ways:
User-Key- > rights group- > API
User-Key->API
Description of the relationship object:
User-Key: identifying rights identity for calling API
Rights group: and the set of APIs is bound and unbindd by an administrator.
After the authority relation is established, the HTTP request submitted by the user when calling the API can be verified immediately after the signature authentication is passed, and the failed request can return to an abnormal (4 xx) state and prompt the reason of the authority error.
S120, analyzing the API access request to obtain front-end API information.
In some embodiments, the API access request acquired in step S110 is parsed to obtain front-end API information.
S130, generating an SDK file according to the front-end API information.
In some embodiments, as shown in fig. 3, based on the User identifier (primary Key ID) in the front-end API information, a corresponding User-Key is found, a constructed API authority list is queried according to the User-Key, the API authority list is loaded into a memory, data is filled through a configured SDK template, a source code, a code example and an explanatory document are generated, a compiler class (JavaCompiler) in JavaTool is called to compile the source code to generate a binary byte code file, and a jar packet is generated.
And finally, packaging and compressing all the generated files to generate a compressed package file, and returning the compressed package file to the client. The compressed packet includes: usage instructions, API call examples, SDK core code class libraries, code class library description files, and/or core code sources.
Because the API authority list configured for each user is different, the generated SDKs are different, and the effect of dynamically generating the SDKs based on the API authority is realized.
Wherein the SDK template comprises:
as shown in fig. 4, fig. 4 shows a structure diagram of an SDK template directory. The Free Marker may be used to configure source code templates, description document templates, code instance templates, etc. (SDK templates), without further limitation.
S140, calling a back-end API according to the SDK file.
In some embodiments, as shown in fig. 5, when a User uses an SDK to call an API, the User includes a User-Key in a head of the request, the User-Key is used to encrypt or sign the request data, when the User API request is received, the User-Key is used to determine whether the User has the authority to call the API, if so, the User-Key is used to decrypt the encrypted data of the request, and the front-end API information is mapped to the back-end API information to call the service of the platform, thereby completing the call of the API; otherwise, the request call of the API is refused.
According to the embodiment of the disclosure, the following technical effects are achieved:
1. different API calling authorities can be configured according to different users, and the users only need to pay attention to the authority-bearing API information, so that the need of searching for APIs from a large number of APIs is avoided;
2. dynamically generating a corresponding SDK according to the API authority list of the user;
3. the SDKs of all users are different, so that the SDKs of other people cannot be used, and the calling range of the API is ensured to be controllable;
4. the user can conveniently use different versions of the same API;
5. hiding the real API information of the system, and exposing the API information to clients through mapping; that is, the user can only see the front end API, hiding the real API of the back end.
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all alternative embodiments, and that the acts and modules referred to are not necessarily required in the present application.
The foregoing is a description of embodiments of the method, and the following further describes embodiments of the device.
Fig. 6 shows a block diagram 600 of an apparatus for dynamically generating an SDK based on API rights according to an embodiment of the present application, including, as shown in fig. 6:
a receiving module 610, configured to receive an API access request;
the parsing module 620 is configured to parse the API access request to obtain front-end API information;
a generating module 630, configured to generate an SDK file according to the front end API information;
and a calling module 640, configured to call a back-end API according to the SDK file.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the described modules may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
Fig. 7 shows a schematic diagram of a structure of a terminal device or a server suitable for implementing an embodiment of the present application.
As shown in fig. 7, the terminal device or the server includes a Central Processing Unit (CPU) 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data required for the operation of the terminal device or the server are also stored. The CPU 701, ROM 702, and RAM 703 are connected to each other through a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a keyboard, a mouse, and the like; an output portion 707 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 708 including a hard disk or the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. The drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read therefrom is mounted into the storage section 708 as necessary.
In particular, the above method flow steps may be implemented as a computer software program according to embodiments of the present application. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a machine-readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 709, and/or installed from the removable medium 711. The above-described functions defined in the system of the present application are performed when the computer program is executed by a Central Processing Unit (CPU) 701.
It should be noted that the computer readable medium shown in the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules described in the embodiments of the present application may be implemented by software, or may be implemented by hardware. The described units or modules may also be provided in a processor. Wherein the names of the units or modules do not in some cases constitute a limitation of the units or modules themselves.
As another aspect, the present application also provides a computer-readable storage medium that may be included in the electronic device described in the above embodiments; or may be present alone without being incorporated into the electronic device. The computer-readable storage medium stores one or more programs that when executed by one or more processors perform the methods described herein.
The foregoing description is only of the preferred embodiments of the present application and is presented as a description of the principles of the technology being utilized. It will be appreciated by persons skilled in the art that the scope of the application referred to in this application is not limited to the specific combinations of features described above, but it is intended to cover other embodiments in which any combination of features described above or their equivalents is possible without departing from the spirit of the application. Such as the above-mentioned features and the technical features having similar functions (but not limited to) applied for in this application are replaced with each other.
Claims (10)
1. A method for dynamically generating an SDK based on API rights, comprising:
receiving an API access request;
analyzing the API access request to obtain front-end API information;
generating an SDK file according to the front-end API information;
and calling a back-end API according to the SDK file.
2. The method of claim 1, wherein the front end API is mapped by a back end API.
3. The method of claim 2, wherein generating the SDK file based on the front-end API information comprises:
verifying the visitor permission through the constructed API permission list according to the front-end API information;
and if the verification is passed, generating a corresponding SDK file through the configured SDK template.
4. A method according to claim 3, further comprising:
and distributing the authority list of the API through the User-Key.
5. An apparatus for dynamically generating an SDK based on API rights, comprising:
the receiving module is used for receiving the API access request;
the analysis module is used for analyzing the API access request to obtain front-end API information;
the generating module is used for generating an SDK file according to the front-end API information;
and the calling module is used for calling the back-end API according to the SDK file.
6. The apparatus of claim 1, wherein the front end API is mapped by a back end API.
7. The apparatus of claim 6, wherein generating the SDK file based on the front end API information comprises:
verifying the visitor permission through the constructed API permission list according to the front-end API information;
and if the verification is passed, generating a corresponding SDK file through the configured SDK template.
8. The apparatus as recited in claim 7, further comprising:
and distributing the authority list of the API through the User-Key.
9. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program, characterized in that the processor, when executing the computer program, implements the method according to any of claims 1-4.
10. A computer readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the method according to any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410034400.8A CN117852086A (en) | 2024-01-09 | 2024-01-09 | Method and device for dynamically generating SDK (software development kit) based on API (application program interface) rights |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410034400.8A CN117852086A (en) | 2024-01-09 | 2024-01-09 | Method and device for dynamically generating SDK (software development kit) based on API (application program interface) rights |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117852086A true CN117852086A (en) | 2024-04-09 |
Family
ID=90532116
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410034400.8A Pending CN117852086A (en) | 2024-01-09 | 2024-01-09 | Method and device for dynamically generating SDK (software development kit) based on API (application program interface) rights |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117852086A (en) |
-
2024
- 2024-01-09 CN CN202410034400.8A patent/CN117852086A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9503447B2 (en) | Secure communication between processes in cloud | |
| CN110879903A (en) | Evidence storage method, evidence verification method, evidence storage device, evidence verification device, evidence storage equipment and evidence verification medium | |
| CN107888656B (en) | Calling method and calling device of server-side interface | |
| US10747587B2 (en) | Dynamic rule-based transformation of API calls | |
| CN111062024A (en) | Application login method and device | |
| CN112039826B (en) | Login method and device applied to applet end, electronic equipment and readable medium | |
| US9026587B2 (en) | System and method for invoking application commands with web service calls | |
| CN110602043A (en) | API gateway implementation system and method for mobile application | |
| CN112764726B (en) | Data synthesis method and device | |
| CN116737598A (en) | Page debugging method, device, electronic equipment and computer readable medium | |
| CN112702336A (en) | Security control method and device for government affair service, security gateway and storage medium | |
| CN115396180A (en) | Micro service gateway unified authentication method, device, micro service gateway and storage medium | |
| CN109558710B (en) | User login method, device, system and storage medium | |
| CN111144878A (en) | Instruction generation method and instruction generation device | |
| CN113572763A (en) | Data processing method and device, electronic equipment and storage medium | |
| CN114584324B (en) | Identity authorization method and system based on block chain | |
| CN112448917B (en) | Website login method and device, readable medium and electronic equipment | |
| CN109683942B (en) | Script management method, script management device, script management medium and electronic equipment | |
| CN109635558B (en) | Access control method, device and system | |
| US20140101291A1 (en) | System and method for invoking web services from command-line program | |
| CN108052842B (en) | Signature data storage and verification method and device | |
| CN117852086A (en) | Method and device for dynamically generating SDK (software development kit) based on API (application program interface) rights | |
| CN115603982A (en) | Vehicle-mounted terminal security authentication method and device, electronic equipment and storage medium | |
| CN113760993A (en) | Service data query method and device and electronic equipment | |
| CN116136844A (en) | Entity identification information generation method, device, medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |