CN110839087B - Interface calling method and device, electronic equipment and computer readable storage medium - Google Patents


Info

Publication number
CN110839087B
Authority
CN
China
Prior art keywords
interface
private cloud
list
request
private
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010029745.6A
Other languages
Chinese (zh)
Other versions
CN110839087A (en)
Inventor
田仁江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yiyiyun Technology Co ltd
Original Assignee
Beijing Yiyiyun Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Yiyiyun Technology Co ltd
Priority to CN202010029745.6A
Publication of CN110839087A
Application granted
Publication of CN110839087B

Classifications

    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure relates to an interface calling method and device, electronic equipment and a computer readable storage medium. It belongs to the technical field of computers and can be applied to interface calls between private clouds in a hybrid cloud cluster. The interface calling method comprises the following steps: receiving an interface calling request sent by a first private cloud, where the interface calling request comprises identity information and an interface access list of the first private cloud; performing an identity verification operation on the identity information and determining an identity verification result; performing a list verification operation on the interface access list and determining a list verification result; if the identity verification result and the list verification result are both passes, sending the interface calling request to a second private cloud; and receiving response content sent by the second private cloud for the interface calling request, so as to send the response content to the first private cloud. The disclosure enables a plurality of private clouds to access each other at the API level through the central gateway.

Description

Interface calling method and device, electronic equipment and computer readable storage medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to an interface calling method, an interface calling apparatus, an electronic device, and a computer-readable storage medium.
Background
With the development of cloud computing, most enterprises have planned or have begun to use cloud computing, and the cloud model used by each enterprise may be different, for example, common cloud models include public clouds, private clouds, and hybrid clouds.
In the hybrid cloud mode, private clouds cannot be directly connected to each other for security reasons. However, business requirements between private cloud clusters keep growing, and since the private clouds cannot communicate directly, a new scheme is urgently needed to meet these business-layer requirements.
Some current solutions establish an Application Programming Interface (API) gateway and implement authentication and logging for API access through the API gateway. In a hybrid cloud scenario, however, authorization management and audit functions are also necessary for private clouds to call each other's APIs. In addition, when private clouds are connected directly through a virtual private network, API calls still need authorization management and auditing to be established, and if a plurality of private clouds are connected directly, the management cost is very high.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The present disclosure aims to provide an interface calling method, an interface calling apparatus, an electronic device, and a computer-readable storage medium, so as to overcome, at least to a certain extent, the prior-art problem that private clouds in a hybrid cloud cluster cannot communicate with each other effectively.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the invention.
According to a first aspect of the present disclosure, there is provided an interface calling method, including: receiving an interface calling request sent by a first private cloud, where the interface calling request comprises identity information and an interface access list of the first private cloud; performing an identity verification operation on the identity information and determining an identity verification result; performing a list verification operation on the interface access list and determining a list verification result; if the identity verification result and the list verification result are both passes, sending the interface calling request to a second private cloud; and receiving response content sent by the second private cloud for the interface calling request, so as to send the response content to the first private cloud.
Optionally, before receiving the interface call request sent by the first private cloud, the method further includes: determining a private cloud set; wherein the set of private clouds includes a plurality of initial private clouds; receiving a registration request of an initial private cloud; the registration request comprises interface calling information; performing registration operation aiming at the initial private cloud according to the interface calling information to generate a registered private cloud; wherein the registered private clouds include a first private cloud and a second private cloud.
Optionally, after generating the registered private cloud, the method further includes: receiving a permission acquisition request for a first target interface sent by the first private cloud; auditing whether to grant the first private cloud access permission for the first target interface, and determining an audit result; and if the audit result is a pass, sending an interface access list to the first private cloud.
Optionally, before receiving the interface call request sent by the first private cloud, the method further includes: determining an identity token of the first private cloud, and generating an access token of the first private cloud according to the identity token; generating identity information of the first private cloud according to the access token; determining a gateway address, a target cluster identifier and an interface identifier to be accessed, which correspond to the first private cloud; generating an interface access address according to the gateway address, the target cluster identifier and the interface identifier to be accessed, and storing the interface access address in an interface access list; and generating an interface calling request according to the identity information and the interface access list.
Optionally, the performing an identity verification operation on the identity information includes: determining validity period information of the access token and a token signature in the identity token; and verifying the validity period information and the token signature so as to perform identity verification operation.
Optionally, performing a list verification operation on the interface access list includes: determining a second target interface contained in the interface access list; and judging whether the first private cloud has the access right for the second private cloud and the second target interface so as to perform list verification operation.
Optionally, the method further includes: determining a response transmission time for transmitting the response content; generating response information according to the response content and the response sending time; and generating a call log record according to the interface call request and the response information so as to audit the call log record.
According to a second aspect of the present disclosure, there is provided an interface calling apparatus, including: the request receiving module is used for receiving an interface calling request sent by a first private cloud; the interface calling request comprises identity information and an interface access list of the first private cloud; the identity authentication module is used for carrying out identity authentication operation on the identity information and determining an identity authentication result; the list verification module is used for performing list verification operation on the interface access list and determining a list verification result; the request sending module is used for sending the interface calling request to the second private cloud if the identity verification result and the list verification result are both passed; and the response content sending module is used for receiving response content which is sent by the second private cloud and aims at the interface calling request so as to send the response content to the first private cloud.
Optionally, the interface calling apparatus further includes a registration module, configured to determine a private cloud set; wherein the set of private clouds includes a plurality of initial private clouds; receiving a registration request of an initial private cloud; the registration request comprises interface calling information; performing registration operation aiming at the initial private cloud according to the interface calling information to generate a registered private cloud; wherein the registered private clouds include a first private cloud and a second private cloud.
Optionally, the registration module includes an auditing unit, configured to receive a permission acquisition request for the first target interface sent by the first private cloud; audit whether to grant the first private cloud access permission for the first target interface, and determine an audit result; and if the audit result is a pass, send an interface access list to the first private cloud.
Optionally, the interface invoking device further includes a request generating module, configured to determine an identity token of the first private cloud, and generate an access token of the first private cloud according to the identity token; generating identity information of the first private cloud according to the access token; determining a gateway address, a target cluster identifier and an interface identifier to be accessed, which correspond to the first private cloud; generating an interface access address according to the gateway address, the target cluster identifier and the interface identifier to be accessed, and storing the interface access address in an interface access list; and generating an interface calling request according to the identity information and the interface access list.
Optionally, the identity verification module includes an identity verification unit, configured to determine validity period information of the access token and a token signature in the identity token; and verifying the validity period information and the token signature so as to perform identity verification operation.
Optionally, the list verification module includes a list verification unit, configured to determine a second target interface included in the interface access list; and judging whether the first private cloud has the access right for the second private cloud and the second target interface so as to perform list verification operation.
Optionally, the interface calling apparatus further includes a log recording module, configured to determine response sending time for sending the response content; generating response information according to the response content and the response sending time; and generating a call log record according to the interface call request and the response information so as to audit the call log record.
According to a third aspect of the present disclosure, there is provided an electronic device comprising: a processor; and a memory having computer readable instructions stored thereon which, when executed by the processor, implement the interface call method according to any of the above.
According to a fourth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements an interface call method according to any one of the above.
The technical scheme provided by the disclosure can comprise the following beneficial effects:
The interface calling method in the exemplary embodiment of the present disclosure receives an interface calling request sent by a first private cloud, where the interface calling request comprises identity information and an interface access list of the first private cloud; performs an identity verification operation on the identity information and determines an identity verification result; performs a list verification operation on the interface access list and determines a list verification result; if the identity verification result and the list verification result are both passes, sends the interface calling request to a second private cloud; and receives response content sent by the second private cloud for the interface calling request, so as to send the response content to the first private cloud. On one hand, because each private cloud communicates with the central gateway, the multiple private clouds in the hybrid cloud cluster can access each other at the API layer through the central gateway, which effectively solves the problem that the private clouds cannot communicate directly for security reasons. On the other hand, the interface access list and the identity information in the interface calling request of the first private cloud are verified, and only if the verification passes is the interface calling request forwarded to the second private cloud, whose response content for the request is then received; these verification operations safeguard the security of information interaction between the private clouds.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty. In the drawings:
FIG. 1 schematically illustrates a flow chart of an interface invocation method according to an exemplary embodiment of the present disclosure;
FIG. 2 schematically illustrates a system architecture diagram of an interface invocation method and a data flow diagram based on the system architecture, according to an exemplary embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart for changing an initial private cloud to a registered private cloud according to an exemplary embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow chart for sending an interface access list for a first private cloud according to an exemplary embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow chart for generating an interface call request of an interface call method according to an exemplary embodiment of the present disclosure;
FIG. 6 schematically illustrates a flow diagram of generating a call log record for an interface call method according to an exemplary embodiment of the present disclosure;
FIG. 7 schematically illustrates a block diagram of an interface invocation apparatus according to an exemplary embodiment of the present disclosure;
FIG. 8 schematically illustrates a block diagram of an electronic device according to an exemplary embodiment of the present disclosure;
FIG. 9 schematically illustrates a schematic diagram of a computer-readable storage medium according to an exemplary embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known structures, methods, devices, implementations, materials, or operations are not shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in the form of software, or in one or more software-hardened modules, or in different networks and/or processor devices and/or microcontroller devices.
In the hybrid cloud mode, private clouds cannot be directly connected to each other for security reasons. As business requirements among private cloud clusters increase, a connection scheme can be established to connect the private clouds so that they can exchange information. At present, authentication and logging of API access can usually be realized through an API gateway, but in a hybrid cloud scenario, authorization management and audit functions are also necessary for private clouds to call each other's APIs. In addition, when private clouds are connected directly through a virtual private network, API calls still need authorization management and auditing to be established, and if a plurality of private clouds are connected directly, the management cost is very high.
Based on this, this example embodiment first provides an interface calling method. The method may be implemented by a transit processing platform of a hybrid cloud cluster; it may be implemented by a server, and it may also be implemented by a terminal device, where the terminal described in the present disclosure may include a mobile terminal such as a mobile phone, a tablet computer, a notebook computer, a palmtop computer, or a Personal Digital Assistant (PDA), and a fixed terminal such as a desktop computer. FIG. 1 schematically illustrates the flow of an interface calling method in accordance with some embodiments of the present disclosure. Referring to FIG. 1, the interface calling method may include the following steps:
Step S110, receiving an interface calling request sent by a first private cloud; the interface calling request comprises identity information and an interface access list of the first private cloud.
Step S120, the identity information is subjected to identity verification operation, and an identity verification result is determined.
Step S130, performing a list verification operation on the interface access list, and determining a list verification result.
Step S140, if the identity verification result and the list verification result both pass, sending the interface call request to the second private cloud.
Step S150, receiving response content for the interface call request sent by the second private cloud, so as to send the response content to the first private cloud.
According to the interface calling method in this example embodiment, on one hand, because each private cloud communicates with the central gateway, the multiple private clouds in the hybrid cloud cluster can access each other at the API layer through the central gateway, which effectively solves the problem that the private clouds cannot communicate directly for security reasons. On the other hand, the interface access list and the identity information in the interface calling request of the first private cloud are verified, and only if the verification passes is the interface calling request forwarded to the second private cloud, whose response content for the request is then received; these verification operations safeguard the security of information interaction between the private clouds.
Next, the interface calling method in the present exemplary embodiment will be further explained.
In step S110, an interface call request sent by a first private cloud is received; the interface calling request comprises identity information and an interface access list of the first private cloud.
In some exemplary embodiments of the present disclosure, Public Clouds (Public Clouds) generally refer to Clouds that third party providers provide to users to enable use, and may be generally available through the Internet (Internet) and may be free or inexpensive, and a core property of the Public Clouds may be shared resource services. The public cloud, as a support platform, can also integrate upstream services, providers, and downstream end users, creating new value chains and ecosystems that enable customers to access and share the basic computer infrastructure, including hardware, storage, and bandwidth resources. Private clouds (PrivateClouds) are built for individual use by one customer and thus provide the most effective control over data, security and quality of service. Private clouds can be deployed within the firewall of an enterprise data center or they can be deployed in a secure host hosting site. The private cloud greatly guarantees the security problem. The hybrid cloud is a combination of two service modes, namely a public cloud and a Private cloud, and the public cloud and the Private cloud are connected by using a Virtual Private Network (VPN). The VPN may be a private network established over a public network for encrypted communications. The VPN is widely used in enterprise networks, and the VPN gateway can implement remote access by encrypting a data packet and converting a destination address of the data packet, and can be implemented in various ways such as a server, hardware, software, and the like. The disclosed interface calling method can be applied to a hybrid cloud cluster or a cluster consisting of private clouds. The interface calling method will be described in detail below by taking the hybrid cloud cluster as an example.
The first private cloud may be a private cloud that sends an interface call request in the hybrid cloud cluster, and the first private cloud may request access to APIs of other private clouds in the hybrid cloud cluster by sending the interface call request. The interface call request may be a request sent when acquiring APIs of other private clouds in the hybrid cloud cluster. The identity information may be information identifying a specific identity of the first private cloud in the mixed cloud cluster. The interface Access list, also called Access control lists (Access control lists), may be a control list for restricting Access to a limited portion of the content of the target service. Referring to fig. 2, fig. 2 schematically shows a system architecture diagram of an interface call method and a data flow diagram based on the system architecture. In the hybrid cloud cluster, switching platforms of different private clouds may be connected, and the switching platforms may include an application program interface center (i.e., an API processing center), an authorization center, and a central gateway. When the first private cloud has a request to access other APIs, an interface call request may be sent to a transit platform of the hybrid cloud cluster. The transfer platform can receive the interface calling request and acquire the identity information and the interface access list contained in the interface calling request.
According to some example embodiments of the present disclosure, a set of private clouds is determined, wherein the set of private clouds includes a plurality of initial private clouds; a registration request of an initial private cloud is received, the registration request comprising interface calling information; and a registration operation is performed for the initial private cloud according to the interface calling information to generate a registered private cloud, wherein the registered private clouds include a first private cloud and a second private cloud. The private cloud set may be the set of all private clouds in the hybrid cloud cluster that are to be connected to the transit platform of the hybrid cloud cluster. An initial private cloud may be a private cloud that has not completed the registration operation in the transit platform of the hybrid cloud cluster and is therefore not yet connected to the transit platform. A plurality of initial private clouds may be included in the set of private clouds. The registration request may be a request that the initial private cloud sends to the transit platform in the hybrid cloud cluster in order to connect to the transit platform. The interface calling information may be information, sent by the initial private cloud to the transit platform through the registration operation, about the interfaces that can be accessed or called by other private clouds in the hybrid cloud cluster. The registration operation may be an operation in which the transit platform, after receiving the registration request of the initial private cloud, connects the initial private cloud to the transit platform according to the registration request and records the interface information that can be shared with other private clouds, so that the other private clouds can access the shared interfaces. A registered private cloud may be a private cloud that has been connected to the transit platform.
Referring to fig. 3, fig. 3 schematically illustrates a flow chart for changing an initial private cloud into a registered private cloud. In step S310, a set of private clouds is determined, and the plurality of initial private clouds included in the set of private clouds may be determined. Referring to fig. 2, in step S210, the initial private cloud may send a registration request to the transit platform. In step S320, when receiving the registration request of the initial private cloud, the transit platform may obtain the interface calling information included in the registration request, where the interface calling information may include the APIs that the initial private cloud publishes through the transit platform for other private clouds to call. A private cloud in the hybrid cloud cluster may register the APIs it opens to external clusters with the API center through an interface, and the information for registering an API may include: private cloud cluster name, API address, parameter format, access method, output content format, authorization information, and the like. The authorization information may include a list of clusters that are allowed to call the API, which by default may be all clusters, or it may be a list of clusters that are not allowed to call the API. In step S330, after receiving the registration request sent by the initial private cloud, the transit platform may record, according to the interface calling information in the registration request, the interfaces that each initial private cloud can provide for other private clouds to call, complete the registration operation for the initial private cloud, and convert the initial private cloud into a registered private cloud.
Private clouds cannot communicate with each other directly. Through the transit platform, a private cloud can publish the target interfaces that it shares with other private cloud clusters, and other private clouds can request, through the transit platform, to call the target interfaces they want to access; the private clouds may therefore complete the registration operation in the transit platform.
It should be noted that the first private cloud and the second private cloud are only for distinguishing the caller and the provider of the target interface in the present exemplary embodiment, and no special limitation should be imposed on the present disclosure.
According to some exemplary embodiments of the present disclosure, a permission obtaining request for a first target interface sent by the first private cloud is received; whether the first private cloud is granted access permission for the first target interface is audited, and an audit result is determined; and if the audit result is a pass, an interface access list is sent to the first private cloud. The permission obtaining request may be a request sent to the transit platform when a private cloud in the hybrid cloud cluster requests to call one or more interfaces of other private clouds; in this example embodiment, the private cloud requesting the interface may be the first private cloud. The first target interface may be an interface that the first private cloud requests access to. The auditing operation may be an audit, performed by the transit platform, of whether the first private cloud has access rights to the first target interface. The audit result may be the result corresponding to the auditing operation. The interface access list, also called an Access Control List (ACL), may be a control list for restricting access to a limited portion of the content of the target service; that is, the ACL may be the interface list corresponding to the first private cloud determined according to the audit result.
Referring to fig. 2, in step S220, the first private cloud may send an interface call request to the authorization center; before the first private cloud calls a target interface of another private cloud cluster, it needs to obtain call authorization from the other private cloud. Referring to fig. 4, fig. 4 schematically illustrates a flow chart of sending an interface access list to the first private cloud. In step S410, the first private cloud may send a permission obtaining request for the target API to the transit platform, where the permission obtaining request may include the target cluster name and the name of the target API; in step S420, the transit platform may perform an auditing operation on the access right of the first private cloud; in step S430, after the first private cloud's permission obtaining request passes the transit platform's auditing operation, the audit result may be determined to be a pass, and an authorization ACL is sent to the first private cloud.
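The registration flow (steps S310 to S330) and the permission audit (steps S410 to S430) can be sketched as follows. This is an added Python example, not code from the patent; the class and field names, the calling method being part of the permission request, the rule that a deny list overrides an allow list, and the cluster and API names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class ApiRegistration:
    """Interface calling information for one published API (fields from the text)."""
    cluster: str                               # private cloud cluster name
    api: str                                   # API address on that cluster
    methods: FrozenSet[str]                    # access methods
    allowed: Optional[FrozenSet[str]] = None   # clusters allowed to call; None = all (default)
    denied: FrozenSet[str] = frozenset()       # clusters not allowed to call


@dataclass(frozen=True)
class AclEntry:
    """ACL elements: caller identity, target cluster, target API, calling method."""
    caller: str
    cluster: str
    api: str
    method: str


class TransitPlatform:
    def __init__(self):
        self.registered = set()    # clusters that completed the registration operation
        self.api_center = {}       # (cluster, api) -> ApiRegistration
        self.acl_library = set()   # AclEntry values issued by the authorization center

    def register(self, cluster, apis=()):
        """S310-S330: record the APIs a cluster shares and mark it registered."""
        for reg in apis:
            if reg.cluster != cluster:
                raise ValueError("a cluster may only register its own APIs")
            self.api_center[(reg.cluster, reg.api)] = reg
        self.registered.add(cluster)

    def request_permission(self, caller, cluster, api, method):
        """S410-S430: audit the request; return an AclEntry on pass, None on fail."""
        reg = self.api_center.get((cluster, api))
        if caller not in self.registered or reg is None:
            return None            # unknown caller or unpublished API
        if method not in reg.methods or caller in reg.denied:
            return None            # assumption: the deny list wins over the allow list
        if reg.allowed is not None and caller not in reg.allowed:
            return None
        entry = AclEntry(caller, cluster, api, method)
        self.acl_library.add(entry)
        return entry


def demo():
    """Run the audit over constructed clusters and APIs and return the results."""
    tp = TransitPlatform()
    tp.register("cloud-b", [
        ApiRegistration("cloud-b", "/orders/list", frozenset({"GET"})),
        ApiRegistration("cloud-b", "/orders/export", frozenset({"GET", "POST"}),
                        allowed=frozenset({"cloud-a"})),
        ApiRegistration("cloud-b", "/metrics", frozenset({"GET"}),
                        denied=frozenset({"cloud-c"})),
    ])
    tp.register("cloud-a")
    tp.register("cloud-c")
    results = {
        "default_all": tp.request_permission("cloud-c", "cloud-b", "/orders/list", "GET"),
        "allow_hit": tp.request_permission("cloud-a", "cloud-b", "/orders/export", "POST"),
        "allow_miss": tp.request_permission("cloud-c", "cloud-b", "/orders/export", "GET"),
        "deny_hit": tp.request_permission("cloud-c", "cloud-b", "/metrics", "GET"),
        "bad_method": tp.request_permission("cloud-a", "cloud-b", "/orders/list", "DELETE"),
        "unregistered": tp.request_permission("cloud-x", "cloud-b", "/orders/list", "GET"),
    }
    return tp, results
```

Only requests that pass the audit leave a row in the ACL library, so a later lookup by the central gateway fails closed for every caller, API and method that was never authorized.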
According to some exemplary embodiments of the present disclosure, an identity token of the first private cloud is determined, and an access token of the first private cloud is generated according to the identity token; identity information of the first private cloud is generated according to the access token; a gateway address, a target cluster identifier, and an identifier of the interface to be accessed, which correspond to the first private cloud, are determined; an interface access address is generated according to the gateway address, the target cluster identifier, and the identifier of the interface to be accessed, and the interface access address is stored in an interface access list; and an interface call request is generated according to the identity information and the interface access list. A token may be an object representing the right to perform certain operations, and the identity token may be a token carrying identity information of the first private cloud that can identify the specific operations the first private cloud may perform. An access token may be a system object representing the subject of an access control operation, and may be obtained by requesting it from the authorization center with the caller's identity token. The gateway address may be a gateway address corresponding to a target interface accessed by the first private cloud in the hybrid cloud cluster. The target cluster identifier may be an identifier of the cluster, within the hybrid cloud cluster, in which the target interface accessed by the first private cloud is located; the target cluster identifier may uniquely determine one cluster and may be, for example, the name of the target cluster or the number of the target cluster. The identifier of the interface to be accessed may be an identifier corresponding to the target interface to be accessed by the first private cloud, and may be, for example, an interface name.
The interface access address may be a full directory address of a target interface to be accessed by the first private cloud. The interface access list may be a list containing one or more interface access addresses and other associated information for the interface access addresses.
Referring to fig. 5, fig. 5 schematically shows a flow chart for generating an interface call request. In step S510, before generating the interface call request, the caller may, in addition to the parameters corresponding to the API, add an access token to the interface call request through a HyperText Transfer Protocol (HTTP) header. In step S520, after the identity token of the first private cloud is determined, a corresponding access token may be generated from the identity token of the first private cloud according to the HTTP header, and identity information of the first private cloud is generated according to the access token. Further, in step S530, since the private clouds cannot be accessed directly, requests for the target API may all be made through the central gateway of the transit platform, and the interface access request is sent to the central gateway using a uniform interface access address format. For example, in this exemplary embodiment, the interface access address may be generated according to the gateway address, the target cluster identifier, and the identifier of the interface to be accessed, and the format of the interface access address may be: http://$gateway/$cluster/$api, where $gateway may be the access address of the central gateway, $cluster may be the address of the target cluster, and $api may be the target API path to access. In step S540, after the interface access address to be accessed is generated according to the interface access address format, the interface access address may be stored in the interface access list. In step S550, a corresponding interface access request may be generated according to the identity information and the interface access address of the private cloud (caller). Through steps S510 to S550, the interface calling process in which the first private cloud sends the request to the transit platform in step S230 of fig. 2 may be performed.
It should be noted that "$" may be a prefix identifier of the gateway address, the target cluster identifier, and the identifier of the interface to be accessed, and other special symbols, such as "@" or "&", may be used in place of "$" to achieve the same identification function.
In step S120, an authentication operation is performed on the identity information, and an authentication result is determined.
In some example embodiments of the present disclosure, the authentication operation may be an authentication operation performed with respect to the identity information of the first private cloud. The identity verification result may be the corresponding result obtained after the identity information of the first private cloud is verified. When the transit platform receives the interface call request of the first private cloud, the central gateway of the transit platform can read the access token in the interface call request and verify the information contained in the access token to obtain a verification result.
According to some example embodiments of the present disclosure, validity period information of the access token and a token signature in the identity token are determined, and the validity period information and the token signature are verified so as to perform the identity verification operation. The validity period information may be information representing the validity period of the access token; in some application scenarios, a corresponding validity period may be set for the access token. The token signature may be the signature corresponding to the access token. The authentication operation may be a verification operation performed on the identity information of the first private cloud; for example, the authentication operation may verify the validity period information of the first private cloud's access token and verify the token signature of the access token. The token signature in the access token is determined, where the token signature can be encrypted with a private key, and the validity of the token signature in the access token is checked; the central gateway can reject a request whose token signature does not conform. In addition, if a validity period is set for the access token, the central gateway can verify the validity period of the access token and can reject requests whose token validity period does not conform.
In step S130, a list verification operation is performed on the interface access list, and a list verification result is determined.
In some example embodiments of the present disclosure, the list verification operation may be a verification operation for an interface access list of an interface call request of the first private cloud. The list verification result may be a result corresponding to the list verification operation. When the interface access list in the interface access request is determined, the list verification operation can be carried out on the interface access list, and a list verification result corresponding to the list verification operation is determined.
According to some exemplary embodiments of the present disclosure, determining a second target interface contained in the interface access list; and judging whether the first private cloud has the access right for the second private cloud and the second target interface so as to perform list verification operation. The second target interface may be a target interface included in the interface access list. The second private cloud may be a private cloud where a target interface to be accessed by the first private cloud is located. The list validation operation may be a validation operation by the transit center for the interface access list.
The interface access list, i.e. ACL, may be used for the central gateway to check whether the caller has the right to request the target cluster, target API. Specifically, the ACL elements may include: identity information of the caller (first private cloud), the target cluster, the target API, and the calling method employed. The central gateway can check whether the caller has a valid ACL for the target cluster, the target API and the adopted calling method by inquiring an ACL library of the authorization center, and perform list verification operation aiming at the above contents.
In step S140, if the identity verification result and the list verification result both pass, the interface call request is sent to the second private cloud.
In some exemplary embodiments of the present disclosure, the authentication result may be a result corresponding to the authentication operation. The list verification result may be a result corresponding to a verification operation performed on the interface access list. The identity verification result and the list verification result respectively comprise a pass condition and a fail condition. Referring to fig. 2, in step S240, only when the identity verification result is pass and the list verification result is pass, the transit center may send an interface call request to the second private cloud so as to obtain the relevant information from the second private cloud. When either the identity verification result or the list verification result is not passed, the interface access request is rejected.
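The central-gateway checks of steps S120 to S140, applied to a request in the http://$gateway/$cluster/$api format, can be sketched as follows. This is an added Python example, not code from the patent; it assumes an HMAC-SHA256 signature with a shared key in place of the private-key token signature, a header named X-Access-Token, and constructed cluster names, host name and ACL rows.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import unquote, urlsplit

# Constructed demo values. Assumption: HMAC-SHA256 with a key shared by the
# authorization center and the central gateway stands in for the token signature.
SECRET = b"constructed-demo-key"
TOKEN_HEADER = "X-Access-Token"   # hypothetical header name
# ACL library rows: (caller, target cluster, target API, calling method)
ACL_LIBRARY = {("cloud-a", "cloud-b", "/orders/list", "GET")}


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _sign(payload):
    return _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())


def issue_access_token(caller, expires_at):
    """Authorization-center side: bind caller identity and validity period."""
    body = json.dumps({"caller": caller, "exp": expires_at}, sort_keys=True)
    payload = _b64(body.encode())
    return payload + "." + _sign(payload)


def verify_access_token(token, now):
    """S120: return the caller name, or None if signature or validity fails."""
    try:
        payload, sig = token.split(".")
        # Constant-time comparison; the signature is checked before parsing.
        if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
            return None
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
        caller, exp = claims["caller"], claims["exp"]
    except (ValueError, KeyError, TypeError):
        return None
    if not isinstance(caller, str) or not isinstance(exp, int) or now >= exp:
        return None
    return caller


def parse_target(url):
    """Split http://$gateway/$cluster/$api into (cluster, api), or None."""
    try:
        path = unquote(urlsplit(url).path)
    except ValueError:
        return None
    parts = path.split("/")
    # parts[0] is the empty string before the leading slash.
    if len(parts) < 3 or parts[0] != "" or not parts[1]:
        return None
    # Refuse empty and dot segments so the path checked against the ACL is
    # exactly the path that would be forwarded to the target cluster.
    if any(seg in ("", ".", "..") for seg in parts[2:]):
        return None
    return parts[1], "/" + "/".join(parts[2:])


def check_request(method, url, headers, now):
    """S120-S140: (True, (cluster, api)) to forward, else (False, reason)."""
    caller = verify_access_token(headers.get(TOKEN_HEADER, ""), now)
    if caller is None:
        return False, "identity verification failed"
    target = parse_target(url)
    if target is None:
        return False, "malformed interface access address"
    cluster, api = target
    # S130: caller, target cluster, target API and method must all match a row.
    if (caller, cluster, api, method.upper()) not in ACL_LIBRARY:
        return False, "list verification failed"
    return True, (cluster, api)
```

The request is forwarded only when the function returns True, that is, when both the identity verification and the list verification pass; any single failure rejects it.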
In step S150, response content for the interface call request sent by the second private cloud is received to send the response content to the first private cloud.
In some exemplary embodiments of the present disclosure, the response content may be content obtained from the target interface, as determined by the second private cloud in response to the interface call request of the first private cloud. When the authentication result of the first private cloud is a pass and the list verification operation passes, the interface call request of the caller is forwarded to the target cluster in the HTTP proxy manner. In this example embodiment, the interface call request of the first private cloud is forwarded to the second private cloud in the form of an HTTP proxy. After receiving the interface call request of the first private cloud, the second private cloud determines the response content corresponding to the interface call request and sends the response content to the transit platform, and the transit platform can send the received response content to the first private cloud.
According to some exemplary embodiments of the present disclosure, a response sending time at which the response content is sent is determined; response information is generated according to the response content and the response sending time; and a call log record is generated according to the interface call request and the response information so that the call log record can be audited. The response sending time can include the time at which the first private cloud sends the interface call request, and can also include the time at which the second private cloud returns the response content for the interface call request. The response information may be information returned by the target cluster for the caller's interface call request. The call log record may be a record, in log form, of the series of operations that a caller generates by calling a target interface in the target private cloud. The audit operation may be a subsequent audit performed on the generated call log record.
Referring to fig. 2, in step S250, the central gateway of the transit platform may forward the interface call request to the target cluster as an HTTP proxy and wait for the response information of the target cluster to return, and in step S260, the central gateway may forward the returned response information to the caller at the request end and record a call log. Specifically, the log field may include: request time, response time, caller cluster, target API, request method, request length, return length, elapsed time, and the like. In addition, the call log record may also record the interface call request and the returned content itself. Referring to FIG. 6, FIG. 6 schematically illustrates a flow diagram for generating a call log record for an interface call method. In step S610, the central gateway may determine a corresponding sending time of the response content; in step S620, corresponding response information may be generated according to the response content and the response transmission time; in step S630, a call log record may be generated according to the interface call request and the response information, so as to perform an audit operation on the response content subsequently, and determine whether the content accessed by the first private cloud through the target interface is the same as or meets the specification of the actually returned response content.
It should be noted that the terms "first", "second", and the like are used in this disclosure only to distinguish different private clouds or different target interfaces in the hybrid cloud cluster, and should not impose any limitation on this disclosure.
In conclusion, an interface call request sent by the first private cloud is received, the interface call request comprising identity information and an interface access list of the first private cloud; an identity verification operation is performed on the identity information, and an identity verification result is determined; a list verification operation is performed on the interface access list, and a list verification result is determined; if the identity verification result and the list verification result both pass, the interface call request is sent to a second private cloud; and response content sent by the second private cloud for the interface call request is received so as to send the response content to the first private cloud. On the one hand, since private clouds in the prior art cannot communicate directly for security reasons, each private cloud and the other private clouds to be interconnected communicate with the central gateway through APIs, which makes access safer and more convenient, and multiple private clouds achieve API-level mutual access through the central gateway. On the other hand, when interfaces are called between private clouds, a globally uniform API calling mode can be adopted, so that calls across the whole cluster are simple and easy to use. In yet another aspect, a private cloud's calls to a target cluster, a target API, and a specific method can be authorized through ACLs, so that API calls pass through access authorization, identity verification, ACL checking, and the like, which guarantees the security of API calls.
It is noted that although the steps of the methods of the present invention are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
In addition, in the present exemplary embodiment, an interface calling apparatus is also provided. Referring to fig. 7, the interface calling apparatus 700 may include: a request receiving module 710, an identity verification module 720, a list verification module 730, a request sending module 740, and a response content sending module 750.
Specifically, the request receiving module 710 may be configured to receive an interface call request sent by a first private cloud; the interface calling request comprises identity information and an interface access list of the first private cloud; the identity authentication module 720 may be configured to perform an identity authentication operation on the identity information and determine an identity authentication result; the list verification module 730 may be configured to perform a list verification operation on the interface access list and determine a list verification result; the request sending module 740 may be configured to send the interface call request to the second private cloud if the identity verification result and the list verification result both pass; the response content sending module 750 may be configured to receive response content sent by the second private cloud for the interface invocation request, so as to send the response content to the first private cloud.
The interface calling device 700 can receive an interface call request, containing identity information and an interface access list, sent by a first private cloud, and can connect the private clouds with a central gateway, so that multiple private clouds in a hybrid cloud cluster can achieve mutual access at the API (application program interface) level through the central gateway, which effectively solves the problem that private clouds cannot communicate directly for security reasons. An identity verification operation is performed on the identity information and a list verification operation is performed on the interface access list; when both the identity verification operation and the list verification operation pass, the interface call request is sent to a second private cloud, and the response content received from the second private cloud for the interface call request is sent to the first private cloud, so that the verification operations ensure the security of information interaction between the private clouds.
In an exemplary embodiment of the present disclosure, the interface invoking device further includes a registration module, configured to determine a private cloud set; wherein the set of private clouds includes a plurality of initial private clouds; receiving a registration request of an initial private cloud; the registration request comprises interface calling information; performing registration operation aiming at the initial private cloud according to the interface calling information to generate a registered private cloud; wherein the registered private clouds include a first private cloud and a second private cloud.
In an exemplary embodiment of the present disclosure, the registration module includes an auditing unit, configured to receive a permission obtaining request for a first target interface, where the permission obtaining request is sent by a first private cloud; whether the first private cloud is endowed with access authority for the first target interface is checked, and a checking result is determined; and if the auditing result is that the first private cloud passes, sending an interface access list to the first private cloud.
In an exemplary embodiment of the present disclosure, the interface invoking device further includes a request generating module, configured to determine an identity token of the first private cloud, and generate an access token of the first private cloud according to the identity token; generating identity information of the first private cloud according to the access token; determining a gateway address, a target cluster identifier and an interface identifier to be accessed, which correspond to the first private cloud; generating an interface access address according to the gateway address, the target cluster identifier and the interface identifier to be accessed, and storing the interface access address in an interface access list; and generating an interface calling request according to the identity information and the interface access list.
In an exemplary embodiment of the disclosure, the identity verification module comprises an identity verification unit for determining validity period information of the access token and a token signature in the identity token; and verifying the validity period information and the token signature so as to perform identity verification operation.
In an exemplary embodiment of the present disclosure, the list verification module includes a list verification unit for determining a second target interface included in the interface access list; and judging whether the first private cloud has the access right for the second private cloud and the second target interface so as to perform list verification operation.
In an exemplary embodiment of the present disclosure, the interface invoking device further includes a log recording module, configured to determine a response sending time for sending the response content; generating response information according to the response content and the response sending time; and generating a call log record according to the interface call request and the response information so as to audit the call log record.
The specific details of each virtual interface calling device module are already described in detail in the corresponding interface calling method, and therefore are not described herein again.
It should be noted that although several modules or units of the interface calling device are mentioned in the above detailed description, this division is not mandatory. Indeed, according to embodiments of the present disclosure, the features and functionality of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
In addition, in an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects, which may all generally be referred to herein as a "circuit," "module," or "system."
An electronic device 800 according to such an embodiment of the invention is described below with reference to fig. 8. The electronic device 800 shown in fig. 8 is only an example and should not bring any limitations to the function and scope of use of the embodiments of the present invention.
As shown in fig. 8, electronic device 800 is in the form of a general purpose computing device. The components of the electronic device 800 may include, but are not limited to: the at least one processing unit 810, the at least one memory unit 820, a bus 830 connecting different system components (including the memory unit 820 and the processing unit 810), and a display unit 840.
Wherein the storage unit stores program code that is executable by the processing unit 810 to cause the processing unit 810 to perform steps according to various exemplary embodiments of the present invention as described in the "exemplary methods" section above in this specification.
The storage unit 820 may include readable media in the form of volatile storage units, such as a random access storage unit (RAM) 821 and/or a cache storage unit 822, and may further include a read only storage unit (ROM) 823.
Storage unit 820 may include a program/utility 824 having a set (at least one) of program modules 825, such program modules 825 include, but are not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 830 may be any of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 800 may also communicate with one or more external devices 870 (e.g., keyboard, pointing device, Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 800, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 800 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 850. Also, the electronic device 800 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 860. As shown, the network adapter 860 communicates with the other modules of the electronic device 800 via the bus 830. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the electronic device 800, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above-mentioned "exemplary methods" section of the present description, when said program product is run on the terminal device.
Referring to FIG. 9, a program product 900 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is to be limited only by the terms of the appended claims.

Claims (10)

1. An interface calling method, comprising:
receiving an interface calling request sent by a first private cloud; wherein the interface calling request includes identity information and an interface access list of the first private cloud; the interface access list comprises a target cluster identifier and a target interface identifier, the interface access list is used for verifying whether the first private cloud has the authority to call the target cluster and the target interface, and the target cluster comprises a second private cloud;
performing an identity verification operation on the identity information, and determining an identity verification result;
performing a list verification operation on the interface access list, and determining a list verification result;
if the identity verification result and the list verification result both pass, sending the interface calling request to the second private cloud;
receiving response content sent by the second private cloud for the interface calling request, so as to send the response content to the first private cloud.
2. The interface call method according to claim 1, wherein prior to said receiving the interface call request sent by the first private cloud, the method further comprises:
determining a private cloud set; wherein the set of private clouds includes a plurality of initial private clouds;
receiving a registration request of the initial private cloud; wherein the registration request comprises interface calling information;
performing a registration operation for the initial private cloud according to the interface calling information to generate a registered private cloud; wherein the registered private cloud comprises the first private cloud and the second private cloud.
3. The interface call method as recited in claim 2 wherein after said generating a registered private cloud, said method further comprises:
receiving an authority acquisition request for a first target interface sent by the first private cloud;
auditing whether the first private cloud is to be given the access right for the first target interface, and determining an auditing result;
and if the auditing result is that the first private cloud passes, sending the interface access list to the first private cloud.
4. The interface call method according to claim 1, wherein prior to said receiving the interface call request sent by the first private cloud, the method further comprises:
determining an identity token of the first private cloud, and generating an access token of the first private cloud according to the identity token;
generating identity information of the first private cloud according to the access token;
determining a gateway address, a target cluster identifier and an interface identifier to be accessed, which correspond to the first private cloud;
generating an interface access address according to the gateway address, the target cluster identifier and the interface identifier to be accessed, and storing the interface access address in the interface access list;
and generating the interface calling request according to the identity information and the interface access list.
5. The interface invocation method according to claim 4, wherein the performing an identity verification operation on the identity information includes:
determining validity period information of the access token and a token signature in the identity token;
and verifying the validity period information and the token signature so as to perform the identity verification operation.
6. The interface call method according to claim 4, wherein said performing a list validation operation on said interface access list comprises:
determining a second target interface contained in the interface access list;
and judging whether the first private cloud has the access right for the second private cloud and the second target interface, so as to carry out the list verification operation.
7. The interface call method according to claim 1, wherein the method further comprises:
determining a response transmission time for transmitting the response content;
generating response information according to the response content and the response sending time;
and generating a call log record according to the interface calling request and the response information, so as to perform an auditing operation on the call log record.
8. An interface invocation apparatus, comprising:
a request receiving module, configured to receive an interface calling request sent by a first private cloud; wherein the interface calling request includes identity information and an interface access list of the first private cloud; the interface access list comprises a target cluster identifier and a target interface identifier, the interface access list is used for verifying whether the first private cloud has the authority to call the target cluster and the target interface, and the target cluster comprises a second private cloud;
an identity verification module, configured to perform an identity verification operation on the identity information and determine an identity verification result;
a list verification module, configured to perform a list verification operation on the interface access list and determine a list verification result;
a request sending module, configured to send the interface calling request to the second private cloud if the identity verification result and the list verification result both pass;
a response content sending module, configured to receive response content sent by the second private cloud for the interface calling request, so as to send the response content to the first private cloud.
9. An electronic device, comprising:
a processor; and
a memory having stored thereon computer readable instructions which, when executed by the processor, implement the interface call method according to any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, implements the interface call method according to any one of claims 1 to 7.
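The gateway flow of claims 1 and 5 to 7, as an added Python example that is not code from the patent: the identity check covers the token signature and validity period, and the list check compares the caller-supplied access list with grants held on the gateway side, since the list arrives inside the request. The HMAC-SHA256 token layout, the per-cloud key stored at registration, the 401/403 status values, all identifiers and the `backends` mapping standing in for the second private cloud are assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo data; identifiers, key and token layout are assumptions.
CLOUD_KEYS = {"cloud-a": b"constructed-demo-key"}        # stored at registration (claim 2)
GRANTS = {"cloud-a": {("cluster-2", "records.query")}}   # audited grants (claim 3)
AUDIT_LOG = []                                           # call log records (claim 7)


def _sign(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def issue_access_token(cloud_id, expires_at):
    """Access token: base64url(JSON payload) + "." + HMAC-SHA256 signature."""
    payload = json.dumps({"cloud": cloud_id, "exp": expires_at}).encode()
    body = base64.urlsafe_b64encode(payload)
    return (body + b"." + _sign(CLOUD_KEYS[cloud_id], body)).decode()


def verify_identity(token, now):
    """Claim 5: check the token signature, then the validity period."""
    try:
        body, sig = str(token).encode().rsplit(b".", 1)
        claims = json.loads(base64.urlsafe_b64decode(body))
        key = CLOUD_KEYS[claims["cloud"]]
        exp = float(claims["exp"])
    except (ValueError, KeyError, TypeError):
        return None                      # malformed token or unregistered cloud
    if not hmac.compare_digest(sig, _sign(key, body)):
        return None                      # signature mismatch
    return claims["cloud"] if now < exp else None


def verify_access_list(cloud_id, access_list):
    """Claim 6: the list is caller-supplied, so compare it with gateway-side grants."""
    try:
        wanted = (access_list["cluster"], access_list["interface"])
        return wanted in GRANTS.get(cloud_id, set())
    except (KeyError, TypeError):
        return False


def handle_call(request, backends, now):
    """Claims 1 and 7: verify both parts, forward, then log request and response."""
    cloud_id = verify_identity(request.get("token"), now)
    access = request.get("access_list")
    if cloud_id is None:
        response = {"status": 401, "content": None}
    elif not verify_access_list(cloud_id, access):
        response = {"status": 403, "content": None}
    else:
        second_cloud = backends[access["cluster"]]       # granted clusters are registered
        content = second_cloud(access["interface"], request.get("params"))
        response = {"status": 200, "content": content}
    response["sent_at"] = now                            # response sending time
    AUDIT_LOG.append({"caller": cloud_id, "access_list": access,
                      "status": response["status"], "sent_at": now})
    return response
```

Rejected calls are logged as well as forwarded ones, so the audit record of claim 7 also shows failed identity and list checks; the token itself is kept out of the log.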
CN202010029745.6A 2020-01-13 2020-01-13 Interface calling method and device, electronic equipment and computer readable storage medium Active CN110839087B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010029745.6A CN110839087B (en) 2020-01-13 2020-01-13 Interface calling method and device, electronic equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN110839087A CN110839087A (en) 2020-02-25
CN110839087B true CN110839087B (en) 2020-06-19

Family

ID=69578665

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010029745.6A Active CN110839087B (en) 2020-01-13 2020-01-13 Interface calling method and device, electronic equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN110839087B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant