The client (including the browser) exchanges data with the server over the HTTP protocol.
Initiating a request: HTTP method
- Write requests use POST
- Read requests use GET
Parameter submission
A normal object is submitted as key-value pair parameters
x-www-form-urlencoded
When a parameter with the same name has multiple values, use the HTTP form array notation:
- Options[]:a
- Options[]:b
- Options[]:c
...
When a parameter corresponds to a complex object or a multidimensional array, serialize the object/multidimensional array as JSON.
Handling the server-side response
Preparation
Depending on your business needs, determine whether the current response returns business data or system messages. (This step is not code handling.)
Code handling
- Check the HTTP status code. After checking the status code (for example: 200; this is only an example and must be determined based on actual needs), further processing may no longer be required, in which case processing ends.
- If the response returns business data, it can be read from the HTTP body when the HTTP status code indicates that the response was successful.
- If the response returns a system message, you can use the message code to determine the type of message, and then decide whether to use the message description and payload based on actual needs.
API Signature Mechanism
APIs that do not require a signature are marked SignFree.
- Generate key-value pairs from the request parameters, each in the form parameter name=parameter value. For an uploaded file, the parameter value is the lowercase form of the SHA1 of the file content.
- Sort all key-value pairs by key in natural order, then join them with "&" to form the content string.
- Use the content string to generate the string to be signed, such as "${content}${App ID}${timestamp}${App Key}".
Note: ${} represents a placeholder.
- Apply SHA1 to the string to be signed to generate the signature; the result is case-insensitive.
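The signing steps above, together with a server-side check, as an added Python example (not code from the original page). Assumptions: "natural" sorting is a plain sort by key, values are joined unencoded, the four parts of the string to be signed are concatenated without separators, and the timestamp is Unix seconds checked against a freshness window that the page does not define.

```python
import hashlib
import hmac
import time


def content_string(params, files=None):
    """params: list of (name, value) pairs; files: dict of name -> bytes."""
    pairs = [(k, str(v)) for k, v in params]
    # An uploaded file contributes the lowercase SHA1 hex of its content.
    for name, data in (files or {}).items():
        pairs.append((name, hashlib.sha1(data).hexdigest().lower()))
    # Assumption: "natural" sorting is a plain sort by key. The sort is stable,
    # so repeated keys such as options[] keep the order they were submitted in.
    pairs.sort(key=lambda kv: kv[0])
    return "&".join(f"{k}={v}" for k, v in pairs)


def sign(params, app_id, timestamp, app_key, files=None):
    # Assumption: content, App ID, timestamp and key are joined with no separator.
    to_sign = f"{content_string(params, files)}{app_id}{timestamp}{app_key}"
    return hashlib.sha1(to_sign.encode("utf-8")).hexdigest()


def verify(params, app_id, timestamp, signature, app_key, files=None,
           now=None, max_skew=300):
    """Server-side check. The freshness window (max_skew, in seconds, on a Unix
    timestamp) is an added assumption; the page does not define one."""
    now = time.time() if now is None else now
    try:
        if abs(now - int(timestamp)) > max_skew:
            return False
    except (TypeError, ValueError, OverflowError):
        return False
    expected = sign(params, app_id, timestamp, app_key, files).encode("ascii")
    # The page says case is ignored; compare in constant time after lowercasing.
    return hmac.compare_digest(expected, str(signature).lower().encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample request; every value here is made up.
    params = [("options[]", "b"), ("name", "x"), ("options[]", "a")]
    sig = sign(params, "demo-app", 1700000000, "demo-key", {"avatar": b"abc"})
    print(content_string(params, {"avatar": b"abc"}))
    print(verify(params, "demo-app", 1700000000, sig.upper(), "demo-key",
                 {"avatar": b"abc"}, now=1700000100))
```

A server that rejects stale timestamps this way limits how long a captured signed request stays usable; the window size is a deployment choice.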
Operation result status description
HTTP status code
- 200 Operation successful.
- 400 A problem with the request, such as: form validation failed, request signature validation failed, etc.
- 401 Authentication failed.
- 403 No access rights.
- 409 The request was processed, but the operation did not actually succeed because of business rule constraints or other reasons.
- 500 Server error.
- 503 Server under maintenance.
Message structure
{"code":CODE,"msg":MSG,"payload":PAYLOAD}
- CODE: Message code. A string that is never empty. For an API, the message code is used to differentiate the type of message, and once determined it no longer changes.
- MSG: Message description. A string.
- PAYLOAD: Payload. A JSON object or array.
Return result contract
- Any operation that should return a collection returns an empty collection when no results are found.
- All results are expressed in JSON.
Security protection
Not entirely necessary, depending on the business requirements.
CSRF (cross-site request forgery) token submission
- Read the cookie named Xsrf-token returned by the server
- When submitting a request, carry the token value:
  - Via the HTTP header x-xsrf-token
  - Via the system-level parameter _xsrf_token
App ID, timestamp, signature submission
App ID
- Via the HTTP header X-client-id.
- Via the system-level parameter _clientid.
Timestamp
- Via the HTTP header X-timestamp.
- Via the system-level parameter _timestamp.
Signature
- Via the HTTP header X-client-sign.
- Via the system-level parameter _clientsign.