CN103188344A - Method for safely invoking REST API (representational state transfer, application programming interface) - Google Patents
- Publication number: CN103188344A
- Authority: CN (China)
- Prior art keywords: token, client, application server, request, security token
- Legal status: Pending
- Landscapes: Stored Programmes (AREA)
Abstract
The invention provides a method for safely invoking a REST API (Representational State Transfer Application Programming Interface). The method comprises the following steps: a client initiates a first API invocation request to an application server; the application server verifies the validity of the client's first request and issues a token; the client carries the token and initiates a second request to the application server; the application server does not generate a new token for the client, but verifies the token in the second request, responds to the client request whose token is legal and valid, and returns the corresponding result. The method for safely invoking a REST API disclosed by the invention greatly improves security when the client invokes the REST API, and at the same time saves the time the application server spends verifying client requests and improves the efficiency with which the application server responds to client requests.
Description
Technical field
The present invention relates to the field of Web application development, and specifically to a method for safely invoking a REST API when developing Internet applications in the REST architectural style.
Background technology
With the development of information technology and the continuous application of network technology, Web application development has gradually reached every field. The REST architectural style is a brand-new development style for Web applications; it is the most successful distributed hypermedia system architecture on the Internet today, and it lets people truly understand the original design of the HTTP protocol. As the REST architecture becomes mainstream technology, a brand-new way of thinking about Internet application development is coming into vogue.
In the Web application development process, especially under the REST architectural style, users' security requirements are becoming higher and higher, and developers, while seeking efficient development methods, also pay constant attention to improving security. The present invention proposes a new method for safely invoking a REST API.
Where: REST (Representational State Transfer);
API (Application Programming Interface).
Summary of the invention
The purpose of this invention is to provide a method for safely invoking a REST API.
The object of the invention is achieved in the following manner; the invocation steps are as follows:
The client initiates a first API invocation request to the application server; the server verifies the legitimacy of the client's first request and provides an identity security token (token); the client initiates a second request to the application server again according to the identity security token; the application server verifies the client's request information and returns the result;
When the client initiates the first request of the REST API invocation to the application server, the first request information must include the identity information required for verification; the application server receives the first request from the client, verifies the legitimacy of the request through the authentication system, and provides an identity security token for a legitimate request;
The content of this identity security token comprises the identity information from the client's first request, to which, after verification by the application server's authentication system, a random unique ID and a timestamp are appended, forming the basic identity security token; after encryption, the application server formally generates the identity security token to be returned to the client, and this token remains unique and has a certain life cycle;
The client initiates a second request to the application server again according to the identity security token, and the application server verifies the client's request information and returns the result: after the client receives the identity security token in the application server's response, it carries this security token and initiates a second request to the application server again; the server no longer generates a security token for the client, but verifies the identity security token in the second request information, responds to the client request whose identity security token is legal and valid, and returns the corresponding result.
The beneficial effects of the invention are as follows: the client initiates a first API invocation request to the application server; the server verifies the legitimacy of the client's first request and provides an identity security token (token); the client carries the identity security token and initiates a second request to the application server again; the application server no longer generates a security token for the client, but verifies the identity security token in the second request information, responds to the client request whose identity security token is legal and valid, and returns the corresponding result. This method greatly improves the security of client invocations of the REST API, saves the application server's time spent verifying client requests, and improves the efficiency with which the server responds to client requests.
Description of drawings
Fig. 1 is a schematic diagram of the implementation flow.
Embodiment
The method of the present invention is explained below with reference to the accompanying drawing.
With reference to Fig. 1, the content of the present invention is described by the process of implementing this method with a concrete example.
The implementation steps are as follows:
The client initiates a first API invocation request to the application server (1); the server verifies the legitimacy of the client's first request and provides an identity security token (token) (2); the client carries the identity security token and initiates a second request to the application server again (3); the application server verifies the identity security token in the second request information, responds to the client request whose identity security token is legal and valid, and returns the corresponding result (4); and so on for subsequent requests.
Except for the technical features described in this specification, everything else is known technology to those skilled in the art.
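The two-request flow above, written out as an added Python example (the patent itself contains no code). The patent says the token is encrypted; this example instead protects the identity information, random unique ID and timestamp with an HMAC so a forged or tampered token fails step (4), and enforces the token's life cycle as a 300-second TTL. The HMAC substitution, the TTL, the credential store, the header names and the server key are all assumptions made here.

```python
import base64
import hashlib
import hmac
import json
import os
import time

TOKEN_TTL_SECONDS = 300          # assumed "life cycle"; the patent gives no figure
SERVER_KEY = os.urandom(32)      # hypothetical server-side secret, never sent to clients
# Constructed stand-in for the patent's "authentication system".
CREDENTIALS = {"alice": "correct horse battery staple"}


def _now(now):
    return time.time() if now is None else now


def authenticate_first_request(identity, secret):
    """Step (2): check the identity information carried in the first request."""
    expected = CREDENTIALS.get(identity)
    return expected is not None and hmac.compare_digest(expected.encode(), secret.encode())


def issue_token(identity, now=None):
    """Step (2): identity info + random unique ID + timestamp, then integrity-protected.
    The patent encrypts the token; an HMAC tag is substituted here (assumption) so that
    any change to the payload is detected in verify_token."""
    body = {"id": identity, "nonce": os.urandom(16).hex(), "ts": int(_now(now))}
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode()).decode()
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def verify_token(token, now=None):
    """Step (4): validate the token from the second request; returns identity or None."""
    payload, sep, tag = token.partition(".")
    if not sep:
        return None                                   # malformed token
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None                                   # forged or tampered token
    body = json.loads(base64.urlsafe_b64decode(payload))
    age = _now(now) - body["ts"]
    if age < 0 or age > TOKEN_TTL_SECONDS:
        return None                                   # outside the token's life cycle
    return body["id"]


def handle_request(headers, now=None):
    """Server dispatch: a request carrying X-Token is a 'second request' and is served
    from the token alone (no new token is generated); anything else is a 'first request'."""
    if "X-Token" in headers:
        identity = verify_token(headers["X-Token"], now)
        if identity is None:
            return 401, {"error": "invalid or expired token"}
        return 200, {"result": f"hello {identity}"}
    if authenticate_first_request(headers.get("X-Identity", ""), headers.get("X-Secret", "")):
        return 200, {"token": issue_token(headers["X-Identity"], now)}
    return 401, {"error": "authentication failed"}
```

The `now` parameter only exists so the life-cycle check can be exercised deterministically; a real server would use the clock.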
Claims (1)
1. A method for safely invoking a REST API, characterized in that the invocation steps are as follows:
The client initiates a first API invocation request to the application server; the server verifies the legitimacy of the client's first request and provides an identity security token (token); the client initiates a second request to the application server again according to the identity security token; the application server verifies the client's request information and returns the result;
When the client initiates the first request of the REST API invocation to the application server, the first request information must include the identity information required for verification; the application server receives the first request from the client, verifies the legitimacy of the request through the authentication system, and provides an identity security token for a legitimate request;
The content of this identity security token comprises the identity information from the client's first request, to which, after verification by the application server's authentication system, a random unique ID and a timestamp are appended, forming the basic identity security token; after encryption, the application server formally generates the identity security token to be returned to the client, and this token remains unique and has a certain life cycle;
The client initiates a second request to the application server again according to the identity security token, and the application server verifies the client's request information and returns the result: after the client receives the identity security token in the application server's response, it carries this security token and initiates a second request to the application server again; the server no longer generates a security token for the client, but verifies the identity security token in the second request information, responds to the client request whose identity security token is legal and valid, and returns the corresponding result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201310056760XA (CN103188344A, en) | 2013-02-22 | 2013-02-22 | Method for safely invoking REST API (representational state transfer, application programming interface)
Publications (1)
Publication Number | Publication Date
---|---
CN103188344A (en) | 2013-07-03
Family
ID=48679306
Family Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201310056760XA (CN103188344A, en), Pending | 2013-02-22 | 2013-02-22 | Method for safely invoking REST API (representational state transfer, application programming interface)
Country Status (1)
Country | Link
---|---
CN (1) | CN103188344A (en)
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101534196A (en) * | 2008-03-12 | 2009-09-16 | 因特伟特公司 | Method and apparatus for securely invoking a rest api |
US20090252159A1 (en) * | 2008-04-02 | 2009-10-08 | Jeffrey Lawson | System and method for processing telephony sessions |
CN102792301A (en) * | 2010-03-12 | 2012-11-21 | 微软公司 | Semantics update and adaptive interfaces in connection with information as a service |
Events
- 2013-02-22: CN application CN201310056760XA filed (publication CN103188344A), status Pending
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104836777A (en) * | 2014-02-10 | 2015-08-12 | 腾讯科技(深圳)有限公司 | Identity verification method and system |
CN104836777B (en) * | 2014-02-10 | 2017-03-22 | 腾讯科技(深圳)有限公司 | Identity verification method and system |
CN104780176A (en) * | 2015-04-28 | 2015-07-15 | 中国科学院微电子研究所 | Method and system for securely calling representational state transfer application programming interface |
CN106302346A (en) * | 2015-05-27 | 2017-01-04 | 阿里巴巴集团控股有限公司 | The safety certifying method of API Calls, device, system |
CN104980449A (en) * | 2015-08-03 | 2015-10-14 | 携程计算机技术(上海)有限公司 | Network request security certification method and system |
CN104980449B (en) * | 2015-08-03 | 2018-05-08 | 上海携程商务有限公司 | The safety certifying method and system of network request |
CN105915537A (en) * | 2016-05-27 | 2016-08-31 | 努比亚技术有限公司 | Token generation method, token calibration method and token authentication server |
CN108259432A (en) * | 2016-12-29 | 2018-07-06 | 亿阳安全技术有限公司 | A kind of management method of API Calls, equipment and system |
WO2019047064A1 (en) * | 2017-09-06 | 2019-03-14 | 深圳峰创智诚科技有限公司 | Permission control method, and server end |
CN108322477A (en) * | 2018-02-28 | 2018-07-24 | 四川新网银行股份有限公司 | A kind of document transmission method of open platform |
US11989284B2 (en) | 2018-04-09 | 2024-05-21 | Huawei Technologies Co., Ltd. | Service API invoking method and related apparatus |
RU2792657C2 (en) * | 2018-04-09 | 2023-03-22 | Хуавэй Текнолоджиз Ко., Лтд. | Method for calling service api and corresponding device |
CN108809991A (en) * | 2018-06-15 | 2018-11-13 | 北京云枢网络科技有限公司 | A method of the client side verification based on SDK dynamic watermarks |
CN109101797A (en) * | 2018-08-20 | 2018-12-28 | 珠海格力电器股份有限公司 | Intelligent device control method, intelligent device and server |
CN109120626A (en) * | 2018-08-28 | 2019-01-01 | 深信服科技股份有限公司 | Security threat processing method, system, safety perception server and storage medium |
WO2021047012A1 (en) * | 2019-09-09 | 2021-03-18 | 平安普惠企业管理有限公司 | Token-based identity verification method and related device |
CN110809011A (en) * | 2020-01-08 | 2020-02-18 | 医渡云(北京)技术有限公司 | Access control method and system, and storage medium |
CN110809011B (en) * | 2020-01-08 | 2020-06-19 | 医渡云(北京)技术有限公司 | Access control method and system, and storage medium |
CN111427610A (en) * | 2020-03-25 | 2020-07-17 | 山东浪潮通软信息科技有限公司 | Method, device, equipment and readable medium for integrating third-party services |
CN111526166A (en) * | 2020-07-03 | 2020-08-11 | 支付宝(杭州)信息技术有限公司 | Information verification method, device and equipment |
US11283614B2 (en) | 2020-07-03 | 2022-03-22 | Alipay (Hangzhou) Information Technology Co., Ltd. | Information verification method, apparatus, and device |
CN113285808A (en) * | 2021-05-18 | 2021-08-20 | 挂号网(杭州)科技有限公司 | Identity information verification method, device, equipment and storage medium |
CN113285808B (en) * | 2021-05-18 | 2024-03-26 | 挂号网(杭州)科技有限公司 | Identity information verification method, device, equipment and storage medium |
CN113626840A (en) * | 2021-07-23 | 2021-11-09 | 曙光信息产业(北京)有限公司 | Interface authentication method and device, computer equipment and storage medium |
CN113810197A (en) * | 2021-09-17 | 2021-12-17 | 上海市信产通信服务有限公司 | Service calling method and system based on OpenAPI |
Legal Events
Code | Title | Description
---|---|---
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20130703