OpenAPI series: III. Terms

Source: Internet
Author: User
Tags: oauth, representational state transfer

I. OAuth Protocol

The OAuth protocol is designed to enable websites and applications (collectively called Consumers) to access a web service (the Service Provider) through APIs without users having to disclose their authentication credentials to the Consumer. More generally, OAuth provides a customizable, common method for API authentication.

A typical example is printer.example.com (the Consumer), a printing service that wants to access a user's personal photos stored on photos.example.net (the Service Provider) without the user having to provide the password for the photo storage site.

OAuth does not require a specific user interface or interaction pattern, and does not limit how the Service Provider authenticates the User. This makes it particularly suitable for situations where the authentication credentials are unavailable to the Consumer, such as with OpenID.

OAuth aims to provide a unified experience and implementation for delegated web service authentication in the form of a community-driven protocol. OAuth builds on existing protocols and best practices that have been independently implemented by multiple sites. It is an open standard, supported by large and small service providers, that promotes a consistent and trusted experience for application developers and users.


OAuth terminology

Service Provider:
A web application that allows access through OAuth.

User:
An individual with an account at the service provider.

Consumer:
A website or application that uses OAuth to access the Service Provider on behalf of the User.

Protected Resource(s):
Data controlled by the Service Provider, which the Consumer can access after authentication.

Consumer Developer:
An individual or organization that implements a Consumer.

Consumer Key:
A value the Consumer uses to identify itself to the Service Provider.

Consumer Secret:
A secret the Consumer uses to establish ownership of the Consumer Key.

Request Token:
A value the Consumer uses to obtain authorization from the User, and which is then exchanged for an Access Token.

Access Token:
A value the Consumer uses to access Protected Resources on behalf of the User, without using the User's password.

Token Secret:
A secret the Consumer uses to establish ownership of a specific Token.

OAuth Protocol Parameters:
Parameters whose names begin with oauth_.

 

II. REST

REST (Representational State Transfer) is a design and development approach for network applications that can reduce development complexity and improve system scalability.

REST was initially a method proposed by Roy Fielding in his doctoral thesis in 2000 for evaluating software architectures. Later, this method came to include a set of principles guiding software architecture design. REST is now regarded as a set of design principles that reflects a software architecture style; in essence, REST is not a specific architecture. Software and architectures designed according to REST principles are generally called "RESTful". The core of REST includes the following:

(1) All entities in REST are resources, and resources are identified by URIs.

(2) Operations on resources include obtaining, creating, modifying, and deleting resources.

(3) Resources are operated on by operating on their representations.

(4) The resource representation can be in any format. For example, in a web application it can be XML or HTML, depending on whether the reader is a machine or a person, that is, whether it is client software consuming web services or a web browser.

The design of the OpenAPI project will refer to the OAuth protocol and the REST principles. Because this is my first time working in this field, there are many places I could not understand. I hope you will give more comments and discuss it together.