General statement: As long as the 2 ends (caller and callee) are separated, whether it is back end to back end, front end to back end, or terminal to back end, a normal interface needs authentication and a process for encrypting and decrypting the data.
1. Identity identifiers
1.1 Token mode: an authentication token as the identity identifier
Note: A program generally has a login module or authentication module. The caller calls the authentication interface, and the interface provider issues a token to the caller as its identity identifier; subsequent calls to interfaces that require authentication carry this token as the proof of identity. A token has a certain life cycle (validity period) and specific or unique generation rules (token generation follows a separate rule and can incorporate a special factor). The validity of the credential is handled in one of three ways: passive renewal, active renewal, or limiting the number of uses.
- Passive renewal: when the caller calls an interface, the interface automatically extends the usage time. For example: the interface is called at 10:30, and the token's validity period is automatically extended by 30 minutes.
- Active renewal: the interface provider does not renew the credential (token) automatically. For example, when the login interface is requested, the token it issues is given a limited validity period, or the validity period is issued together with the token. The caller takes the token and its expiry time and, based on that time, invokes the renewal interface the provider offers before the validity period ends. If the token generated by the renewal interface changes (the new token may differ from the previous token during the renewal period), the back end must handle the concurrency and ensure that the old and new tokens are both valid for a specific period. (If the program has an encryption certificate set up, an update interface must likewise be provided when the encryption certificate is updated, so that the old and new certificates coexist for a period.)
- Use count: a special-purpose interface credential that only needs to be used a small number of times, or just once, can be controlled by identifying the number of uses.
1.2 Fixed ID (key) or OpenID identifier as identity symbol
Note: A fixed identifier is long-lived; for example, the interface provider assigns each required caller a separate identity symbol and a cryptographic string.
The interface provider delivers the cryptographic string to the caller in a special way, for example an agreed key of 123. The requester mixes the request parameters with the key to generate a sign, and the interface provider authenticates the request based on that sign (for example, the request parameters are stitched into a string, the key is appended, and MD5 or SHA1 is used to generate the sign value; the interface provider generates the sign in the same way and checks that the two values match).
2. Encryption of data
2.1 Key or certificate
Typically uses algorithms such as SHA1, SHA256, MD5, Base64, AES, RSA, rsa256, and so on.
- Example 1: assign a unique key and use a set rule to generate a sign value for verification.
- Example 2: assign a unique key and AES-encrypt the data in a specific way, so that the request data is entirely ciphertext or binary data apart from the partially exposed fields; this usually follows PKCS rules or a special fixed calculation.
- Example 3: generate a public key and private key and process the data with RSA.
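The sign scheme of section 1.2 and Example 1 above, as an added example (not code from the original article): the caller stitches the request parameters into a string in an agreed order, appends the shared key and hashes the result; the provider recomputes the sign the same way and compares. The key value, the `app_id` identifier, the parameter names and the use of SHA-256 as the digest are constructed assumptions for the example.

```python
import hashlib
import hmac
from typing import Mapping

# Constructed shared secret standing in for the "agreed key" of section 1.2
# (the article's illustrative value is 123; it is delivered out of band).
SHARED_KEY = "123"


def canonical_string(params: Mapping[str, str]) -> str:
    """Stitch the request parameters into one string in a fixed order.

    Both sides must agree on the order; sorting by parameter name makes the
    result independent of how the caller serialised the request. The 'sign'
    field itself is excluded, since it is the value being computed.
    """
    return "&".join(f"{k}={params[k]}" for k in sorted(params) if k != "sign")


def make_sign(params: Mapping[str, str], key: str, algo: str = "sha256") -> str:
    """Caller side: hash(canonical params + key), as described in section 1.2.

    The article lists MD5 and SHA1; SHA-256 is the default here because the
    scheme is identical and the stronger digest costs nothing.
    """
    data = (canonical_string(params) + key).encode("utf-8")
    return hashlib.new(algo, data).hexdigest()


def verify_sign(params: Mapping[str, str], key: str, algo: str = "sha256") -> bool:
    """Provider side: recompute the sign the same way and compare it.

    hmac.compare_digest runs in constant time, so the comparison does not
    reveal how many leading characters of a presented sign were correct.
    """
    presented = str(params.get("sign", "")).encode("utf-8")
    expected = make_sign(params, key, algo).encode("utf-8")
    return hmac.compare_digest(presented, expected)


def signed_request(app_id: str, params: Mapping[str, str], key: str) -> dict:
    """Build the request as the caller sends it: fixed identifier plus sign."""
    body = {"app_id": app_id, **params}
    body["sign"] = make_sign(body, key)
    return body
```

Any change to a signed parameter, or a request built with a different key, fails verification because the recomputed digest no longer matches.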
2.2 Types of certificates
Common certificate formats are CA certificate, PFX, CER, PEM, and so on. In general the various formats can be converted to each other with OpenSSL,
and there may be differences in the format used by each development language.
Interface interaction authentication and data processing