CN113609520A - Interface calling method, device, equipment and computer readable storage medium - Google Patents
Interface calling method, device, equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN113609520A CN113609520A CN202110832715.3A CN202110832715A CN113609520A CN 113609520 A CN113609520 A CN 113609520A CN 202110832715 A CN202110832715 A CN 202110832715A CN 113609520 A CN113609520 A CN 113609520A
- Authority
- CN
- China
- Prior art keywords
- user account
- calling
- interface
- request
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 80
- 238000012795 verification Methods 0.000 claims abstract description 75
- 230000008569 process Effects 0.000 claims abstract description 30
- 238000004364 calculation method Methods 0.000 claims description 16
- 238000013475 authorization Methods 0.000 claims 1
- 238000004891 communication Methods 0.000 description 14
- 238000012545 processing Methods 0.000 description 14
- 238000004590 computer program Methods 0.000 description 12
- 238000010586 diagram Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 4
- 230000002159 abnormal effect Effects 0.000 description 3
- 238000004422 calculation algorithm Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 238000005242 forging Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000005856 abnormality Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- User Interface Of Digital Computer (AREA)
Abstract
The embodiment of the disclosure provides an interface calling method, an interface calling device, interface calling equipment and a computer-readable storage medium. The method is applied to a server, the server deploys at least one interface, and the method comprises the following steps: acquiring a calling request for calling a target interface in at least one interface by calling equipment, wherein the calling request comprises a user account, a user key and service parameters; according to the user account and the user key, carrying out validity verification on the user account; under the condition that the user account passes the validity verification, performing authority verification on the user account according to the user account and the interface identifier of the target interface; and calling the target interface to process the service parameters under the condition that the user account passes the authority verification. In this way, the legality verification can be directly carried out on the user account based on the user account and the user key, the authority verification is carried out on the user account based on the user account and the interface identification, and the safety of interface calling is improved through the combination of the legality verification and the authority verification.
Description
Technical Field
The present disclosure relates to the field of communications, and in particular, to the field of interface invocation techniques.
Background
Many platform products are currently on the market, and provide services with specific functions for a caller, such as Application Programming Interface (API), by providing an Interface open to the outside for the caller to call.
When the interface is called by the calling device, the calling request needs to be verified so as to avoid the interface from being arbitrarily attacked by a malicious user, and the interface call is generally verified based on the token, but the token is easy to intercept, so that the interface usually has a risk of being maliciously called.
Disclosure of Invention
The disclosure provides an interface calling method, an interface calling device, an interface calling equipment and a computer readable storage medium, which can improve the safety of interface calling.
In a first aspect, an embodiment of the present disclosure provides an interface calling method, where the method is applied to a server, and the server deploys at least one interface, and the method includes:
acquiring a calling request for calling a target interface in at least one interface by calling equipment, wherein the calling request comprises a user account, a user key and service parameters;
according to the user account and the user key, carrying out validity verification on the user account;
under the condition that the user account passes the validity verification, performing authority verification on the user account according to the user account and the interface identifier of the target interface;
and calling the target interface to process the service parameters under the condition that the user account passes the authority verification.
In some implementation manners of the first aspect, performing validity verification on the user account according to the user account and the user key includes:
and determining that the user account passes the validity verification under the condition that the corresponding relation between the user account and the user key exists in the preset user account and user key file.
In some implementation manners of the first aspect, performing permission verification on the user account according to the user account and the interface identifier of the target interface includes:
and under the condition that the corresponding relation between the user account and the interface identifier exists in the preset interface authority file, determining that the user account passes the authority verification.
In some implementation manners of the first aspect, the invoking request further includes a sending time of the invoking request, and the verifying the validity of the user account according to the user account and the user key includes:
calculating the time difference between the sending time and the receiving time of the calling request;
and under the condition that the time difference is less than or equal to the preset time length threshold, carrying out validity verification on the user account according to the user account and the user key.
In some implementations of the first aspect, the invoking request further includes a request identifier of the invoking request, and the invoking the target interface processes the service parameter, including:
and under the condition that the request identifier does not exist in the preset request identifier file, calling the target interface to process the service parameter, and adding the request identifier to the request identifier file.
In some realizations of the first aspect, the invocation request further includes a first digital signature, where the first digital signature is obtained by the invocation device performing hash calculation on data in the invocation request except for the first digital signature;
calling a target interface to process service parameters, comprising:
performing hash calculation on data except the first digital signature in the calling request to obtain a second digital signature;
and in the case that the first digital signature is the same as the second digital signature, calling the target interface to process the service parameter.
In some implementations of the first aspect, invoking the target interface to process the service parameter includes:
acquiring the calling times of calling a target interface by calling equipment in a preset time period and the geographic position of the calling equipment;
and under the condition that the calling times are less than or equal to a preset time threshold value and the geographic position of the calling equipment is located in a preset area, calling the target interface to process the service parameters.
In a second aspect, an embodiment of the present disclosure provides an interface invoking device, where the interface invoking device is applied to a server, and the server deploys at least one interface, where the interface invoking device includes:
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring a calling request of calling a target interface in at least one interface by calling equipment, and the calling request comprises a user account, a user key and service parameters;
the verification module is used for verifying the legality of the user account according to the user account and the user key;
the verification module is used for verifying the authority of the user account according to the user account and the interface identifier of the target interface under the condition that the user account passes the validity verification;
and the calling module is used for calling the target interface to process the service parameters under the condition that the user account passes the authority verification.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method as described above.
In a fourth aspect, the disclosed embodiments provide a non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method as described above.
In a fifth aspect, the disclosed embodiments provide a computer program product comprising a computer program that, when executed by a processor, implements a method as described above.
In the disclosure, a server may obtain a call request for calling a target interface by a call device, where the call request includes a user account, a user key, and a service parameter, and then, according to the user account and the user key, perform validity verification on the user account, when the user account passes the validity verification, perform permission verification on the user account according to the user account and an interface identifier of the target interface, and when the user account passes the permission verification, call the target interface to process the service parameter. Therefore, the legality of the user account can be verified directly based on the user account and the user key, the authority of the user account can be verified based on the user account and the interface identifier, and the interface calling safety is improved through the combination of the legality verification and the authority verification.
It should be understood that the statements herein reciting aspects are not intended to limit the critical or essential features of the embodiments of the present disclosure, nor are they intended to limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. The accompanying drawings are included to provide a further understanding of the present disclosure, and are not intended to limit the disclosure thereto, and the same or similar reference numerals will be used to indicate the same or similar elements, where:
FIG. 1 illustrates a schematic diagram of an exemplary operating environment in which embodiments of the present disclosure can be implemented;
FIG. 2 is a flow chart illustrating an interface calling method according to an embodiment of the present disclosure;
FIG. 3 is a flow chart illustrating another interface calling method provided by the embodiments of the present disclosure;
fig. 4 is a block diagram illustrating an interface invoking device provided by an embodiment of the present disclosure;
FIG. 5 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are some, but not all embodiments of the present disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
In order to solve the problems in the background art, embodiments of the present disclosure provide an interface calling method, an interface calling apparatus, a device, and a computer-readable storage medium. Specifically, the server may obtain a call request for calling the target interface by the call device, where the call request includes a user account, a user key, and service parameters, and then perform validity verification on the user account according to the user account and the user key, perform permission verification on the user account according to the user account and interface identifiers of the target interface when the user account passes the validity verification, and call the target interface to process the service parameters when the user account passes the permission verification. Therefore, the legality of the user account can be verified directly based on the user account and the user key, the authority of the user account can be verified based on the user account and the interface identifier, and the interface calling safety is improved through the combination of the legality verification and the authority verification.
The interface calling method, apparatus, device and computer-readable storage medium provided by the embodiments of the present disclosure are described in detail by specific embodiments in conjunction with the accompanying drawings.
Fig. 1 illustrates a schematic diagram of an exemplary runtime environment 100 in which embodiments of the present disclosure can be implemented, as shown in fig. 1, the runtime environment 100 may include a calling device 110 and a server 120, and the present disclosure is not limited herein.
The invoking device 110 may be a mobile electronic device or a non-mobile electronic device. For example, the Mobile terminal device may be a Mobile phone, a tablet Computer, a notebook Computer, a palmtop Computer, an Ultra-Mobile Personal Computer (UMPC), or the like, and the non-Mobile terminal device may be a Personal Computer (PC), a server, a Network Attached Storage (NAS), a television, or the like.
The server 120 may be a single server, a cluster of servers, a cloud server, or the like, having at least one interface, such as a plurality of API interfaces or a Java Web interface, deployed thereon.
As shown in fig. 1, a communication connection exists between the calling device 110 and the server 120. The communication mode may be wired communication or wireless communication, for example, the calling device 110 communicates with the server 120 through Wi-Fi.
As one example, the calling device 110 may send a call request to the server 120 to call a target interface of the at least one interface. The invoking request may include a user account, a user key, and service parameters, for example, the user account may be an account of a user using the invoking device, the user key may be a key corresponding to the user account, and the service parameters may be related parameters of a service supported by the target interface.
In response to the invocation request, the server 120 may perform validity verification on the user account according to the user account and the user key, that is, verify whether the user account is valid, perform permission verification on the user account according to the user account and the interface identifier of the target interface under the condition that the user account passes the validity verification, that is, verify whether the user account has the invocation permission of the target interface, and invoke the target interface to process the service parameter under the condition that the user account passes the permission verification.
The interface calling method provided by the embodiment of the present disclosure will be described in detail below, wherein the execution subject of the interface calling method may be the server 120 shown in fig. 1.
Fig. 2 shows a flowchart of an interface calling method 200 provided by an embodiment of the present disclosure, and as shown in fig. 2, the interface calling method 200 may be applied to a server deployed with at least one interface, and includes the following steps:
s210, obtaining a calling request of calling equipment for calling a target interface in at least one interface.
The invoking request includes a user account, a user key, and service parameters, for example, the user account may be an account of a user using the invoking device, the user key may be a key corresponding to the user account, and the service parameters may be related parameters of a service supported by the target interface.
And S220, performing validity verification on the user account according to the user account and the user key.
In some embodiments, the invocation request may also include a transmission time, i.e., a timestamp, of the invocation request. The time difference between the sending time and the receiving time of the calling request can be calculated, and the validity of the user account is verified according to the user account and the user key under the condition that the time difference is smaller than or equal to a preset time threshold. Otherwise, determining that the interface calling is abnormal due to time-out. Therefore, an attacker can be prevented from sending the intercepted call request to the server for flow attack for a long time without moving, and the safety of interface call is improved.
As an example, a preset user account and a user key file may be searched, where the user account and the user key file are used to store a corresponding relationship between a user account and a user key of a registered user. And determining that the user account passes the validity verification under the condition that the corresponding relation between the user account and the user key in the calling request exists in the user account and user key file. Otherwise, determining that the user account is illegal and abnormal. Therefore, whether the user account passes the validity verification or not can be accurately determined based on the user account and the user key file, an attacker is prevented from forging data to carry out malicious requests, and the safety of interface calling is improved.
And S230, under the condition that the user account passes the validity verification, performing authority verification on the user account according to the user account and the interface identifier of the target interface.
In some embodiments, a preset interface authority file may be searched, where the interface authority file is used to store a correspondence between a user account of a registered user and an interface identifier of an interface. And under the condition that the corresponding relation between the user account and the interface identifier in the calling request exists in the interface authority file, determining that the user account passes the authority verification. Otherwise, determining that the authority of the user account is abnormal. Therefore, whether the user account passes the authority verification or not can be accurately determined based on the interface authority file, malicious requests of attackers for forging data are avoided, the interface calling safety is improved, and meanwhile, the authority is convenient to manage.
S240, under the condition that the user account passes the authority verification, a target interface is called to process the service parameters.
In some embodiments, the invocation request may also include a request identification of the invocation request, the request identification being used to uniquely identify the invocation request. The preset request identification file can be searched, wherein the request identification file is used for storing the request identification of the calling request acquired for the first time. Under the condition that the request identifier does not exist in the request identifier file, the call request acquired at this time can be determined to be the call request acquired at the first time, and further the target interface processing service parameter can be called, and the request identifier is added to the request identifier file. Otherwise, it may be determined that the service parameter in the call request is processed or is being processed, a processing result may be queried, if the processing result exists, the processing result is sent to the calling device, and if the processing result does not exist, it is determined that the request identifier is repeated, that is, the call request is repeated. Therefore, whether the calling request is acquired for the first time can be determined based on the request identifier, the interface playback phenomenon is avoided, and the interface calling efficiency is improved.
It is understood that the storage time of the request identifier in the request identifier file is generally greater than or equal to the preset time threshold in S220.
In other embodiments, the invocation request may further include a first digital signature, where the first digital signature is obtained by the invocation device performing a hash calculation on data in the invocation request other than the first digital signature. Specifically, the invoking device may perform hash calculation on data in the invocation request except for the first digital signature according to a preset invocation request calculation rule to obtain the first digital signature.
For example, keys and values of the partial data except the first digital signature in the call request may be concatenated with equal numbers (e.g., key value), to obtain key value pairs of the data, the key value pairs of the data may be concatenated with the symbol "&" according to a preset concatenation order, and the concatenated character string may be hashed according to a hash algorithm agreed with the server, such as MD5 algorithm, to obtain the first digital signature.
For example, the invocation request includes: the system comprises a user account, a user key, service parameters, a sending time, a request identifier and a first digital signature. The Key of the user account is accessAccount, Value is xyz123, the Key of the user Key is accessKey, Value is ddd123456, the service parameters include 3 parameters, which are respectively parameter a, parameter b and parameter c, the Key of parameter a is a, Value is 1, the Key of parameter b is b, Value is 2, the Key of parameter c is c, Value is 3, the Key of sending time is time, Value is 1622971204638, the Key of the request identifier is verifyId, and Value is eeeff. The data used for splicing are user keys, service parameters, sending time and request identifiers, and the splicing sequence is b, a, c, accessKey, timemap and verifyId. The vault of the first digital signature whose Key is sign is a character string obtained by MD5(b ═ 2& a ═ 1& c ═ 3& accessKey ═ xyz123& timesample ═ 1622971204638& verifyId ═ eeeff), that is, XHUALFOhjo. Thus, the data in the invocation request is:
{
"a":"1",
"b":"2",
"c":"3",
"accessKey":"xyz123",
"timestamp":"1622971204638",
"verifyId":"eeefff",
"sign":"XHUALFOhjo"
}
the server can perform hash calculation on data except the first digital signature in the call request to obtain a second digital signature, and under the condition that the first digital signature is the same as the second digital signature, the server can determine that the data in the call request is not tampered, so that a target interface can be called to process service parameters, and the safety of interface calling is improved.
In other embodiments, the number of times that the calling device calls the target interface within a preset time period and the geographic position of the calling device may also be obtained, and the target interface is called to process the service parameter when the number of times of calling is less than or equal to a preset number threshold and the geographic position of the calling device is located in a preset area. Therefore, the attribute information of the calling equipment can be introduced to restrict the interface calling, and the safety of the interface calling is improved.
According to the embodiment of the disclosure, the legality of the user account can be verified according to the user account and the user key, the authority of the user account is verified according to the user account and the interface identifier of the target interface under the condition that the user account passes the legality verification, and the target interface is called to process the service parameters under the condition that the user account passes the authority verification. Therefore, the legality of the user account can be verified directly based on the user account and the user key, the authority of the user account can be verified based on the user account and the interface identifier, and the interface calling safety is improved through the combination of the legality verification and the authority verification.
Fig. 3 shows a flowchart of another interface calling method provided by the embodiment of the present disclosure, and the following describes in detail the interface calling method provided by the embodiment of the present disclosure with reference to fig. 3, specifically as follows:
s305, the method is started, and then S310 is executed.
S310, the server distributes a user account and a user key for the registered user, stores the corresponding relation between the user account and the user key of the registered user in a user account and user key file, and then executes S315.
S315, the server configures interface calling authority for the user account of the registered user, and then executes S320. Specifically, the corresponding relationship between the user account of the registered user and the interface identifier of the interface is stored in the interface authority file.
S320, the server and the calling device configure the call request calculation rule, and then execute S325.
And S325, the calling device performs hash calculation on the data except the first digital signature in the calling request according to the calling request calculation rule to obtain the first digital signature, then sends a calling request for calling a target interface to the server, and executes S330. Wherein, the call request includes: the system comprises a user account, a user key, service parameters, a sending time, a request identifier and a first digital signature.
S330, the server verifies whether the time difference between the sending time and the receiving time of the calling request is smaller than or equal to a preset duration threshold value. Specifically, the server receives a call request sent by the call device, calculates a time difference between sending time in the call request and receiving time of the call request, and verifies whether the time difference is less than or equal to a preset time threshold. If so, then S335 is performed, otherwise, S365 is performed.
S335, the server verifies whether the user account in the calling request is legal. Specifically, the validity of the user account is verified according to the user account and the user key in the calling request. If the user account is legal, that is, the user account passes the validity verification, S340 is executed, and if not, S370 is executed.
S340, the server verifies whether the user account in the calling request has the calling authority. Specifically, the authority of the user account is verified according to the user account and the interface identifier of the target interface. If the user account has the calling authority, that is, the user account passes the authority verification, S345 is executed, otherwise, S375 is executed.
S345, the server verifies whether the request identification file has the request identification in the calling request. If the request identification file has the request identification, executing S380, otherwise executing S350.
S350, the server verifies whether the first digital signature in the calling request is the same as the second digital signature recalculated by the server. Specifically, the server may perform hash calculation on data in the invocation request except for the first digital signature according to the invocation request calculation rule to obtain a second digital signature, and verify whether the first digital signature in the invocation request is the same as the second digital signature recalculated by the server. If yes, then S355 is executed, otherwise, then S390 is executed.
S355, the server calls the target interface to process the service parameter, and then executes S360.
S360, the server transmits the processing result to the calling device, and then executes S395.
S365, the server outputs a call request timeout exception, and then executes S395.
S370, the server outputs the user account illegal exception, and then executes S395.
S375, the server outputs the user account authority abnormality, and then performs S395.
S380, determining whether the processing result exists. If yes, go to step 385, otherwise go to step 360.
S385, the server outputs a request identification repeat exception, and then executes S395.
S390, the server outputs the digital signature exception, and then executes S395
S395, the method ends.
It can be understood that the interface calling method provided by the embodiment of the present disclosure may be applied to interface calling scenarios in the fields of payment, communication, internet of things, and the like, and the embodiment of the present disclosure is not limited herein.
It is noted that while for simplicity of explanation, the foregoing method embodiments have been described as a series of acts or combination of acts, it will be appreciated by those skilled in the art that the present disclosure is not limited by the order of acts, as some steps may, in accordance with the present disclosure, occur in other orders and concurrently. Further, those skilled in the art should also appreciate that the embodiments described in the specification are exemplary embodiments and that acts and modules referred to are not necessarily required by the disclosure.
The above is a description of embodiments of the method, and the embodiments of the apparatus are further described below.
Fig. 4 is a block diagram of an interface invoking device 400 according to an embodiment of the disclosure, and as shown in fig. 4, the detecting device 400 may be applied to a server deployed with at least one interface, and includes:
the obtaining module 410 is configured to obtain a call request for a calling device to call a target interface in at least one interface, where the call request includes a user account, a user key, and a service parameter.
The verification module 420 is configured to perform validity verification on the user account according to the user account and the user key.
The verification module 420 is configured to perform authority verification on the user account according to the user account and the interface identifier of the target interface when the user account passes the validity verification.
And the calling module 430 is configured to call the target interface to process the service parameter when the user account passes the permission verification.
In some embodiments, the verification module 420 is specifically configured to: and determining that the user account passes the validity verification under the condition that the corresponding relation between the user account and the user key exists in the preset user account and user key file.
In some embodiments, the verification module 420 is specifically configured to: and under the condition that the corresponding relation between the user account and the interface identifier exists in the preset interface authority file, determining that the user account passes the authority verification.
In some embodiments, the invocation request further includes a sending time of the invocation request, and the verification module 420 is specifically configured to: and calculating the time difference between the sending time and the receiving time of the calling request, and carrying out validity verification on the user account according to the user account and the user key under the condition that the time difference is less than or equal to a preset time threshold.
In some embodiments, the invocation request further includes a request identifier of the invocation request, and the invocation module 430 is specifically configured to: and under the condition that the request identifier does not exist in the preset request identifier file, calling the target interface to process the service parameter, and adding the request identifier to the request identifier file.
In some embodiments, the invocation request further includes a first digital signature, wherein the first digital signature is obtained by the invocation device through hash calculation on data in the invocation request except the first digital signature.
The calling module 430 is specifically configured to: and carrying out Hash calculation on the data except the first digital signature in the calling request to obtain a second digital signature, and calling the target interface to process the service parameters under the condition that the first digital signature is the same as the second digital signature.
In some embodiments, the calling module 430 is specifically configured to: the method comprises the steps of obtaining the calling times of calling a target interface by calling equipment in a preset time period and the geographic position of the calling equipment, and calling the target interface to process service parameters under the condition that the calling times are smaller than or equal to a preset time threshold value and the geographic position of the calling equipment is located in a preset area.
It can be understood that each module/unit in the interface invoking device 400 shown in fig. 4 has a function of implementing each step in the interface invoking method provided by the embodiment of the present disclosure, and can achieve the corresponding technical effect, and for brevity, no further description is provided herein.
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the personal information of the related user all accord with the regulations of related laws and regulations, and do not violate the good customs of the public order.
FIG. 5 illustrates a schematic block diagram of an electronic device 500 that may be used to implement embodiments of the present disclosure. The electronic device 500 is intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device 500 may also represent various forms of mobile devices, such as personal digital assistants, cellular telephones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 5, the electronic device 500 may include a computing unit 501 that may perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM)502 or a computer program loaded from a storage unit 508 into a Random Access Memory (RAM) 503. In the RAM503, various programs and data required for the operation of the electronic apparatus 500 can also be stored. The calculation unit 501, the ROM502, and the RAM503 are connected to each other by a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
A number of components in the electronic device 500 are connected to the I/O interface 505, including: an input unit 506 such as a keyboard, a mouse, or the like; an output unit 507 such as various types of displays, speakers, and the like; a storage unit 508, such as a magnetic disk, optical disk, or the like; and a communication unit 509 such as a network card, modem, wireless communication transceiver, etc. The communication unit 509 allows the electronic device 500 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 501 may be a variety of general-purpose and/or special-purpose processing components having processing and computing capabilities. Some examples of the computing unit 501 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 501 performs the various methods and processes described above, such as the methods 200 or 300. For example, in some embodiments, the methods 200 or 300 may be implemented as a computer program product, including a computer program, tangibly embodied in a computer-readable medium, such as the storage unit 508. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 500 via the ROM502 and/or the communication unit 509. When the computer program is loaded into RAM503 and executed by the computing unit 501, one or more steps of the method 200 or 300 described above may be performed. Alternatively, in other embodiments, the computing unit 501 may be configured to perform the methods 200 or 300 in any other suitable manner (e.g., by way of firmware).
The various embodiments described herein above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a computer-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a computer-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It should be noted that the present disclosure also provides a non-transitory computer-readable storage medium storing computer instructions, where the computer instructions are used to enable a computer to execute the method 200 or 300, and achieve the corresponding technical effects achieved by the method according to the embodiments of the present disclosure, and for brevity, the descriptions are omitted here.
Additionally, the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the method 200 or 300.
To provide for interaction with a user, the above-described embodiments may be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The embodiments described above may be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user may interact with an implementation of the systems and techniques described herein), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server with a combined blockchain.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.
Claims (10)
1. An interface calling method applied to a server, the server deploying at least one interface, the method comprising:
acquiring a calling request for calling a target interface in the at least one interface by calling equipment, wherein the calling request comprises a user account, a user key and service parameters;
according to the user account and the user key, carrying out validity verification on the user account;
when the user account passes the validity verification, performing authority verification on the user account according to the user account and the interface identifier of the target interface;
and calling the target interface to process the service parameters under the condition that the user account passes the authority verification.
2. The method of claim 1, wherein the verifying the validity of the user account according to the user account and the user key comprises:
and determining that the user account passes the validity verification under the condition that the corresponding relation between the user account and the user key exists in a preset user account and user key file.
3. The method of claim 1, wherein the performing the authorization verification on the user account according to the user account and the interface identifier of the target interface comprises:
and determining that the user account passes the permission verification under the condition that the corresponding relation between the user account and the interface identifier exists in a preset interface permission file.
4. The method of claim 1, wherein the invocation request further includes a sending time of the invocation request, and the verifying the validity of the user account according to the user account and the user key comprises:
calculating the time difference between the sending time and the receiving time of the calling request;
and under the condition that the time difference is smaller than or equal to a preset time length threshold, carrying out validity verification on the user account according to the user account and the user key.
5. The method of any one of claims 1-4, wherein the invocation request further includes a request identification of the invocation request, and the invoking the target interface to process the service parameter includes:
and under the condition that the request identifier does not exist in a preset request identifier file, calling the target interface to process the service parameter, and adding the request identifier to the request identifier file.
6. The method according to any one of claims 1 to 4, wherein the invocation request further includes a first digital signature, wherein the first digital signature is obtained by the invocation device performing a hash calculation on data in the invocation request except for the first digital signature;
the calling the target interface to process the service parameters comprises:
performing hash calculation on data except the first digital signature in the calling request to obtain a second digital signature;
and calling the target interface to process the service parameter under the condition that the first digital signature is the same as the second digital signature.
7. The method of any of claims 1-4, wherein the invoking the target interface to process the service parameter comprises:
acquiring the calling times of the calling equipment for calling the target interface in a preset time period and the geographic position of the calling equipment;
and calling the target interface to process the service parameters under the condition that the calling times are less than or equal to a preset time threshold and the geographic position of the calling equipment is located in a preset area.
8. An interface calling apparatus applied to a server, the server deploying at least one interface, the apparatus comprising:
the obtaining module is used for obtaining a calling request of calling a target interface in the at least one interface by calling equipment, wherein the calling request comprises a user account, a user key and service parameters;
the verification module is used for verifying the legality of the user account according to the user account and the user key;
the verification module is used for verifying the authority of the user account according to the user account and the interface identifier of the target interface under the condition that the user account passes the validity verification;
and the calling module is used for calling the target interface to process the service parameters under the condition that the user account passes the authority verification.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
10. A non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110832715.3A CN113609520A (en) | 2021-07-22 | 2021-07-22 | Interface calling method, device, equipment and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110832715.3A CN113609520A (en) | 2021-07-22 | 2021-07-22 | Interface calling method, device, equipment and computer readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113609520A true CN113609520A (en) | 2021-11-05 |
Family
ID=78338123
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110832715.3A Pending CN113609520A (en) | 2021-07-22 | 2021-07-22 | Interface calling method, device, equipment and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113609520A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116055053A (en) * | 2022-10-01 | 2023-05-02 | 广州洋葱时尚集团有限公司 | Interface calling method, device and computer equipment |
-
2021
- 2021-07-22 CN CN202110832715.3A patent/CN113609520A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116055053A (en) * | 2022-10-01 | 2023-05-02 | 广州洋葱时尚集团有限公司 | Interface calling method, device and computer equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109766479B (en) | Data processing method and device, electronic equipment and storage medium | |
| CN113766487B (en) | Cloud mobile phone information acquisition method, device, equipment and medium | |
| CN110839004A (en) | Method and device for access authentication | |
| CN112764887A (en) | Construction method, processing method, device, equipment and storage medium of transaction request | |
| CN110602098B (en) | Identity authentication method, device, equipment and storage medium | |
| CN113452700B (en) | Method, device, equipment and storage medium for processing safety information | |
| CN113609520A (en) | Interface calling method, device, equipment and computer readable storage medium | |
| CN114157480A (en) | Method, device, equipment and storage medium for determining network attack scheme | |
| CN113946816A (en) | Cloud service-based authentication method and device, electronic equipment and storage medium | |
| CN113312560A (en) | Group detection method and device and electronic equipment | |
| CN114726579B (en) | Method, device, equipment, storage medium and program product for defending network attack | |
| CN112948831B (en) | Application risk identification method and device | |
| CN114371863A (en) | Data processing method and device, electronic equipment and computer readable storage medium | |
| CN113672994B (en) | Cooking equipment data management method, device and system based on blockchain | |
| CN111786936A (en) | Method and device for authentication | |
| CN114282237B (en) | Communication method, device, equipment and storage medium | |
| CN111885006B (en) | Page access and authorized access method and device | |
| CN116595500A (en) | Authentication method, device, system, electronic equipment and storage medium | |
| CN115080205B (en) | Task execution method, device, electronic equipment and readable storage medium | |
| CN116132117A (en) | Interface attack detection method and device, electronic equipment and storage medium | |
| CN110262756B (en) | Method and device for caching data | |
| CN114090073A (en) | Interface information extraction method and device, electronic equipment and storage medium | |
| CN117768463A (en) | Method and device for simulating cloud mobile phone, electronic equipment and storage medium | |
| CN117150577A (en) | Hardware detection method and device of electronic equipment, electronic equipment and storage medium | |
| CN116318769A (en) | Gateway interception method, device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |