The client exchanges data with the server over the HTTP protocol

Source: Internet
Author: User
Tags sha1

The client (including the browser) exchanges data with the server over the HTTP protocol. When initiating a request, choose the HTTP method as follows:
    • Write requests use POST
    • Read requests use GET
Parameter submission
    • To submit an ordinary object, use key-value pair parameters

      x-www-form-urlencoded

    • When a parameter with the same name has multiple values, use the HTTP form array notation

      • Options[]:a
      • Options[]:b
      • Options[]:c
        ...
    • When the parameter corresponds to a complex object or a multidimensional array, serialize the object/multidimensional array as JSON

Handling the server-side response

Preparation

Depending on your business needs, determine whether the current response returns business data or a system message. (This step does not involve code.)

Code handling
    1. Check the HTTP status code. Depending on the status code (for example, 200; this is only an example and must be determined based on actual needs), no further processing may be required, in which case processing ends here.
    2. If the response returns business data, it can be read from the HTTP body when the HTTP status code indicates that the request was successful.
    3. If the response returns a system message, use the message code to determine the type of message, and then decide whether to use the message description and payload based on actual needs.
API Signature Mechanism

A signature is not required where the API is marked SignFree.

  1. Generate a key-value pair for each request parameter, in the form parameter name=parameter value. For an uploaded file, the parameter value is the lowercase form of the SHA1 result of the file content.
  2. Sort all key-value pairs naturally by key, then join them with "&" to form the content string.
  3. Use the content string to generate the string to be signed, in the form "${content}${App ID}${timestamp}${App Key}".

    Note: ${} represents a placeholder.

  4. Apply SHA1 to the string to be signed to generate the signature; the result is compared ignoring case.
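
The four signing steps above, together with a server-side check, as an added Python example (not code from the original page). It assumes the parts of the string to be signed are concatenated without separators and encoded as UTF-8, that "natural" sorting is plain lexicographic order, and that the timestamp is Unix seconds checked against a hypothetical 300-second window; all function names are illustrative.

```python
import hashlib
import hmac
import time

def content_string(params, files=None):
    """Steps 1-2: name=value pairs, sorted by key, joined with '&'."""
    pairs = {k: str(v) for k, v in params.items()}
    # An uploaded file contributes the lowercase SHA1 hex of its content.
    for name, data in (files or {}).items():
        pairs[name] = hashlib.sha1(data).hexdigest()
    # Assumption: "natural sort" is treated as plain lexicographic order.
    return "&".join(f"{k}={pairs[k]}" for k in sorted(pairs))

def sign(params, app_id, timestamp, app_key, files=None):
    """Steps 3-4: SHA1 over content + App ID + timestamp + App Key."""
    # Assumption: the four parts are concatenated with no separator, as UTF-8.
    to_sign = f"{content_string(params, files)}{app_id}{timestamp}{app_key}"
    return hashlib.sha1(to_sign.encode("utf-8")).hexdigest()

def verify(params, app_id, timestamp, app_key, signature, files=None,
           now=None, max_skew=300):
    """Server side: reject stale timestamps, then recompute and compare."""
    now = time.time() if now is None else now
    # Assumption: Unix-seconds timestamp; the 300 s window is not from the page.
    try:
        if abs(now - int(timestamp)) > max_skew:
            return False
    except (TypeError, ValueError):
        return False
    expected = sign(params, app_id, timestamp, app_key, files)
    # Case is ignored, so normalise first; compare bytes in constant time.
    supplied = signature.strip().lower().encode("utf-8")
    return hmac.compare_digest(expected.encode("ascii"), supplied)
```

The freshness check limits how long a captured request can be replayed. Where both sides can change the scheme, HMAC-SHA256 keyed with the App Key is the standard construction for this kind of request signature.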
Operation result status description

HTTP status code
    • 200 Operation successful.
    • 400 There is a problem with the request, such as: form validation failed, request signature validation failed, etc.
    • 401 Authentication failed.
    • 403 No access rights.
    • 409 Request processing completed, but the operation did not actually succeed due to business rule constraints or other reasons.
    • 500 Server error.
    • 503 Server under maintenance.
Message structure

{"code":CODE,"msg":MSG,"payload":PAYLOAD}

    • CODE: Message code. String, never empty. For an API, the message code is used to differentiate the type of message, and once determined it no longer changes.
    • MSG: Message description. String.
    • PAYLOAD: Payload. A JSON object or array.
Return result contract
    • Any operation that should return a collection returns an empty collection when no results are found
    • Results are expressed in JSON
Security protection

Not entirely necessary, depending on the business requirements.

CSRF (cross-site request forgery) token submission
    1. Read the cookie named Xsrf-token returned by the server
    2. When submitting a request, carry a token value
      • Via HTTP header, x-xsrf-token
      • Through system-level parameters, _xsrf_token
App ID, timestamp, signature submission
    1. Id
      Via HTTP header, X-client-id.
      Through system-level parameters, _clientid.

    2. Time stamp
      Via HTTP header, X-timestamp.
      Through system-level parameters, _timestamp.

    3. Signature
      Via HTTP header, X-client-sign.
      Through system-level parameters, _clientsign.
