Movatterモバイル変換

[0]ホーム
URL:

CN114978761B - Interface authorization method and device, electronic equipment and medium - Google Patents

Interface authorization method and device, electronic equipment and mediumDownload PDF

Info

Publication number
CN114978761B
CN114978761BCN202210745844.3ACN202210745844ACN114978761BCN 114978761 BCN114978761 BCN 114978761BCN 202210745844 ACN202210745844 ACN 202210745844ACN 114978761 BCN114978761 BCN 114978761B
Authority
CN
China
Prior art keywords
interface
target
authorization
client
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210745844.3A
Other languages
Chinese (zh)
Other versions
CN114978761A (en
Inventor
易旺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Bank Co Ltd
Original Assignee
Ping An Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Bank Co LtdfiledCriticalPing An Bank Co Ltd
Priority to CN202210745844.3ApriorityCriticalpatent/CN114978761B/en
Publication of CN114978761ApublicationCriticalpatent/CN114978761A/en
Application grantedgrantedCritical
Publication of CN114978761BpublicationCriticalpatent/CN114978761B/en
Activelegal-statusCriticalCurrent
Anticipated expirationlegal-statusCritical

Links

Images

Classifications

Landscapes

Abstract

The application provides an interface authorization method, an interface authorization device, electronic equipment and a medium, which are applied to a service platform, wherein the service platform comprises a service server and an authorization server; the method comprises the following steps: when receiving an interface call request of a target client for a first target interface, a service server acquires a target service scene tag carried in the interface call request and generates a target encryption string corresponding to the target service scene tag; the generated target encryption string is hidden and attached to an interface return message aiming at the interface call request to be sent to a target client; when the authorization server receives a first interface authorization request which is sent by a target client and aims at a second target interface, if the authorization server judges that the authorization server accords with a preset authorization authentication condition according to a client identifier, IP information and a target encryption string carried by the authorization server, the authorization server authorizes the request through the first interface, so that the authorization server can automatically authenticate the authorization of the request through the interface, and the development efficiency is improved.

Description

Interface authorization method and device, electronic equipment and medium
Technical Field
The present invention relates to the field of computer processing, and in particular, to an interface authorization method, an apparatus, an electronic device, and a medium.
Background
With the development of the internet, in order to facilitate cooperation between enterprises, it is often necessary to dock a service system of a server with a client in an outer zone; thus, the interface provided by the service system at the server needs to interface with the foreign client. In the existing service system, a client side needs to manually inform a service side to provide interface information, and then a service side manager performs authorization configuration on the client side of the client side one by one aiming at each interface; and the server side management personnel still need to add authorization configuration one by one aiming at the authorized client side, so that time and labor are consumed, the labor input cost is too high, and sometimes the interface joint debugging progress is slow due to untimely authorization, and the development efficiency is influenced.
Disclosure of Invention
In view of this, an object of the present application is to provide an interface authorization method, apparatus, electronic device, and medium, which can automatically authenticate a client that has been authenticated by a partial interface by using the authentication of the client through other interfaces, thereby improving development efficiency.
The interface authorization method provided by the embodiment of the application is applied to a service platform, wherein the service platform comprises a service server and an authorization server; the method comprises the following steps:
The service server receives an interface call request of a target client for a first target interface, wherein the first target interface is an interface which is authorized to pass by for the target client;
the service server extracts a target service scene tag carried in the interface call request and generates a target encryption string corresponding to the target service scene tag;
the service server conceals and attaches the generated target encryption string in an interface return message aiming at an interface call request, and sends the interface return message to a target client so that the target client obtains the target encryption string of the target service scene;
when the authorization server receives a first interface authorization request which is sent by a target client and aims at a second target interface, if the first interface authorization request meets a preset authorization authentication condition according to a client identifier, IP information and a target encryption string of a target service scene carried in the first interface authorization request, authorizing the first interface authorization request through the first interface authorization request.
In some embodiments, in the interface authorization method, the interface call request for the first target interface further carries an interface identifier of the first target interface;
After the service server receives the interface call request of the target client for the first target interface, the method further comprises the following steps:
and the service server determines a first target interface according to the interface identifier, and sends an interface return message aiming at an interface calling request to the target client so as to enable the target client to establish connection with the first target interface.
In some embodiments, in the interface authorization method, according to a client identifier, IP information, and a target encryption string of a target service scenario carried in the first interface authorization request, determining whether the first interface authorization request meets a preset authorization authentication condition includes:
the authorization server respectively judges whether the client identification and the IP information carried in the first interface authorization request are the same as the client identification and the IP information corresponding to the first target interface which passes the authorization aiming at the target client;
if the target encryption strings are the same, extracting target encryption strings in the first interface authorization request, analyzing to obtain service scene labels corresponding to the target encryption strings, and judging whether the analyzed scene labels accord with preset service scene labels or not;
If yes, judging that the first interface authorization request meets a preset authorization authentication condition.
In some embodiments, in the interface authorization method, the client identifier and the IP information corresponding to the first target interface through which the target client is authorized are obtained through the following method:
when the authorization server receives an interface call request of a target client for a first target interface, verifying the interface call request according to a preset verification rule;
if the authentication is passed, the authorization server forwards the interface call request to a service server, and simultaneously extracts and stores the client identification and the IP information in the interface call request.
In some embodiments, in the interface authorization method, for a first target interface through which the target client is authorized, authorization authentication is performed on the target client by:
the authorization server receives a second interface authorization request of the target client for the first target interface;
the authorization server receives a certain authorization operation for the second interface authorization request, and authorizes the request through the second interface authorization.
In some embodiments, in the interface authorization method, after the service server extracts a target service scene tag in the interface call request and generates a target encryption string corresponding to the target service scene tag, the interface authorization method further includes:
acquiring an associated service scene tag associated with the target service scene tag according to a preset scene tag association relationship, and generating an associated encryption string corresponding to the associated service scene tag;
the service server conceals and attaches the generated target encryption string in an interface return message aiming at an interface call request, so that a target client receiving the interface return message obtains the target encryption string of the target service scene, and the method comprises the following steps: and the service server conceals and attaches the generated target encryption string and the generated associated encryption string in an interface return message aiming at the interface call request, so that a target client receiving the interface return message acquires the target encryption string of the target service scene and the associated encryption string of the associated service scene.
In some embodiments, in the interface authorization method, when the authorization server receives a third interface authorization request for a third target interface sent by a target client, if it is determined that the third interface authorization request meets a preset authorization authentication condition according to a client identifier, IP information, and a target encryption string of a target service scenario carried in the third interface authorization request, the authorization request is authorized by the third interface authorization request.
In some embodiments, there is further provided an interface authorization apparatus applied to a service platform, where the service platform includes a service server and an authorization server; the interface authorization device comprises:
the receiving module is used for enabling the service server to receive an interface calling request of the target client for the first target interface; the first target interface is an interface which is authorized to pass through for the target client;
the generating module is used for enabling the service server to extract a target service scene label carried in the interface calling request and generating a target encryption string corresponding to the target service scene label;
the first sending module is used for enabling the service server to hide and send the generated target encryption string in an interface return message aiming at an interface call request, and sending the interface return message to a target client so as to enable the target client to acquire the target encryption string of the target service scene;
and the first authorization module is used for authorizing the request to pass through the first interface if judging that the first interface authorization request meets the preset authorization authentication condition according to the client identifier, the IP information and the target encryption string of the target service scene carried in the first interface authorization request when the authorization server receives the first interface authorization request aiming at the second target interface and sent by the target client.
In some embodiments, there is also provided an electronic device comprising: the system comprises a processor, a memory and a bus, wherein the memory stores machine-readable instructions executable by the processor, the processor and the memory are communicated through the bus when the electronic device runs, and the machine-readable instructions are executed by the processor to execute the steps of the interface authorization method.
In some embodiments, a computer readable storage medium is also provided, on which a computer program is stored, which computer program, when being executed by a processor, performs the steps of the interface authorization method.
Based on this, the embodiment of the application provides an interface authorization method, when a client invokes any one interface in a service scene for the first time, authorization authentication is performed for the interface, after authorization, a client identifier and IP information of the client are stored, and an encryption string representing the service scene is sent to the client; when a client calls another interface in the service scene for the first time, the encryption string of the service scene is sent to an authorization server, and the authorization server automatically judges that the client can pass authorization authentication through the client identification, the IP information and the encryption string, so that the client and the authorization authentication of the other interface can be automatically passed, a service side manager is not required to conduct multiple authorization operations on multiple interfaces in the same service scene by the same client, the authorization authentication efficiency is improved, the labor investment cost is reduced, timely authorization is ensured, the interface joint debugging progress is advanced, and the development efficiency is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered limiting the scope, and that other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for interface authorization according to an embodiment of the present application;
FIG. 2 is a flowchart of a method for authorization authentication between a first target interface and a target client according to an embodiment of the present application;
fig. 3 shows a flowchart of a method for obtaining a client identifier and IP information corresponding to a first target interface in an embodiment of the present application;
fig. 4 is a flowchart of a method for determining whether the first interface authorization request meets a preset authorization authentication condition according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of an interface authorization device according to an embodiment of the present application;
fig. 6 shows a schematic structural diagram of the electronic device in the embodiment of the application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it should be understood that the accompanying drawings in the present application are only for the purpose of illustration and description, and are not intended to limit the protection scope of the present application. In addition, it should be understood that the schematic drawings are not drawn to scale. A flowchart, as used in this application, illustrates operations implemented according to some embodiments of the present application. It should be understood that the operations of the flow diagrams may be implemented out of order and that steps without logical context may be performed in reverse order or concurrently. Moreover, one or more other operations may be added to the flow diagrams and one or more operations may be removed from the flow diagrams as directed by those skilled in the art.
In addition, the described embodiments are only some, but not all, of the embodiments of the present application. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, as provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, are intended to be within the scope of the present application.
It should be noted that the term "comprising" will be used in the embodiments of the present application to indicate the presence of the features stated hereinafter, but not to exclude the addition of other features.
With the development of the internet, in order to facilitate cooperation between enterprises, it is often necessary to dock a service system of a server with a client in an outer zone; thus, the interface provided by the service system at the server needs to interface with the foreign client. In the existing service system, a client side needs to manually inform a service side to provide interface information, and then a service side manager performs authorization configuration on the client side of the client side one by one aiming at each interface; and the server side management personnel still need to add authorization configuration one by one aiming at the authorized client side, so that time and labor are consumed, the labor input cost is too high, and sometimes the interface joint debugging progress is slow due to untimely authorization, and the development efficiency is influenced.
Exemplary business systems include a plurality of business scenarios, such as a staged transaction scenario, a fund transaction scenario, and a city service scenario; there are several interfaces in each scenario, for example, the staged transaction scenario includes the following interfaces: n001 represents a stage protocol application interface, N002 represents a stage protocol maintenance interface, N003 represents a stage posted transaction detail query interface, N004 represents a stage transaction non-posted detail query interface, N005 represents a stage transaction summary query interface, and N006 represents an automatic stage protocol query interface; similarly, the fund transaction scene and the city service scene also comprise a plurality of interfaces.
When the client of the client side is in butt joint with the business system, the client needs to be in butt joint with each interface in three scenes, namely a stage transaction scene, a fund transaction scene and a city service scene; this means that the client needs to interface with tens or even tens of interfaces.
In the prior art, for each interface, when a client calls the interface for the first time, an interface authorization request needs to be sent to an authorization system; after finding that the client is a new channel, a manager of a server side authorizes the interface of the client in an authorization system and configures authorization information to pass authorization authentication; that is, when the client needs to dock with more than ten interfaces, even tens of interfaces in the service system, the server management personnel are required to authorize the client, the operation is very complicated, sometimes the client cannot be authorized in time, the interface joint debugging progress is slow, and the development efficiency is affected; furthermore, it is provided that; the client may apply for authorization authentication for a part of interfaces, and in the subsequent use process, the client needs to call another part of interfaces with unauthorized authentication, and then needs to cooperate with the service personnel of the manager to add authorization configuration one by one, which is time-consuming and labor-consuming.
The service system of the embodiment of the application operates in a service server of a service side service platform; the authorization system is operated in an authorization server of the service side business platform; the authorization server and the service server are divided according to functions, and can be two independent servers, or the service system and the authorization system can be operated on one server.
Based on this, the embodiment of the application provides an interface authorization method, when a client invokes any one interface in a service scene for the first time, authorization authentication is performed for the interface, after authorization, a client identifier and IP information of the client are stored, and an encryption string representing the service scene is sent to the client; when a client calls another interface in the service scene for the first time, the encryption string of the service scene is sent to an authorization server, and the authorization server automatically judges that the client can pass authorization authentication through the client identification, the IP information and the encryption string, so that the client and the authorization authentication of the other interface can be automatically passed, a service side manager is not required to conduct multiple authorization operations on multiple interfaces in the same service scene by the same client, the authorization authentication efficiency is improved, the labor investment cost is reduced, timely authorization is ensured, the interface joint debugging progress is advanced, and the development efficiency is improved.
Referring to fig. 1, fig. 1 shows an interface authorization method according to an embodiment of the present application, which is applied to a service platform, where the service platform includes a service server and an authorization server; specifically, the method comprises the following steps S101-S104:
s101, the service server receives an interface call request of a target client for a first target interface, wherein the first target interface is an interface which is authorized to pass by for the target client;
s102, the service server extracts a target service scene label carried in the interface call request and generates a target encryption string corresponding to the target service scene label;
s103, the service server conceals and attaches the generated target encryption string in an interface return message aiming at an interface call request, and sends the interface return message to a target client so that the target client obtains the target encryption string of the target service scene;
and S104, when the authorization server receives a first interface authorization request which is sent by a target client and aims at a second target interface, if the first interface authorization request meets a preset authorization authentication condition according to a client identifier, IP information and a target encryption string of a target service scene carried in the first interface authorization request, authorizing the first interface authorization request to pass through the first interface authorization request.
Referring to fig. 2, fig. 2 is a flowchart illustrating a method for authorization authentication between a first target interface and a target client in an embodiment of the present application, and in step S101, the first target interface is an interface through which authorization has been passed for the target client; specifically, the first target interface through which the target client is authorized passes is used for carrying out authorization authentication on the target client in the following manner:
s201, the authorization server receives a second interface authorization request of a target client for a first target interface;
s202, the authorization server receives a determining authorization operation for the second interface authorization request, and authorizes the second interface authorization request.
In this embodiment of the present application, before the authorization server receives the second interface authorization request of the target client for the first target interface, the invoking process of the target client for the first target interface further includes the following steps:
when a target client initially connects a certain service scene, sending an initial interface calling request for a first target interface to a service server; the initial interface call request comprises application information;
and the service server forwards the initial interface call request to an authorization server, and the authorization server takes the initial interface call request as a second interface authorization request aiming at the first target interface.
Correspondingly, the authorization server receives a determining authorization operation for the second interface authorization request, and authorizes the request through the second interface authorization.
Specifically, the application information includes a target client identifier, ip information, a service system name, an interface identifier, a calling mode, an access amount, an access time and the like; the target client identifier may be a system number app id of the client, and the interface identifier may be an interface number;
referring to fig. 3, fig. 3 shows a flowchart of a method for obtaining a client identifier and IP information corresponding to a first target interface in an embodiment of the present application; as shown in fig. 3, in the step S104, the client identifier and the IP information corresponding to the first target interface that the target client is authorized to pass through are obtained by:
s301, when the authorization server receives an interface call request of a target client for a first target interface, verifying the interface call request according to a preset verification rule;
s302, if the verification is passed, the authorization server forwards the interface call request to a service server, and simultaneously extracts and stores the client identification and the IP information in the interface call request.
Here, that is to say, the service server receives the interface call request of the target client for the first target interface, and specifically includes:
when the authorization server receives an interface call request of a target client for a first target interface, verifying the interface call request according to a preset verification rule;
and if the authentication is passed, the authorization server forwards the interface calling request to a service server.
The extracting and storing the client identification and the IP information in the interface call request comprises the following steps:
extracting client identification and IP information in an interface call request, and searching whether the stored client identification and IP information have the same client identification and IP information; and if the client identification and the IP information do not exist, storing the client identification and the IP information.
That is, only when the target client first invokes the interface in the service server, the client identifier and the IP information need to be stored.
When the target client calls the first target interface in the service server for the first time, the target client needs to pass the authentication of the authorization server, so that the target client is ensured to be the client which has confirmed the authorization, and the target encryption string corresponding to the service scene is ensured to be sent to the client which is correct and allowed to be authorized by the client.
Taking an interface N001 in a staged service scenario as an example, a process of confirming authorization by a first target interface is described:
when the target client initially connects with the staged service scene, a primary interface calling request for an interface N001 is sent to a service server;
the service server forwards the initial interface call request of the interface N001 to the authorization server, and a server side administrator discovers that the target client is a new channel and accords with the authorization condition, and then determines the authorization operation;
the authorization server receives a determining authorization operation for the second interface authorization request, and authorizes the request through the second interface authorization;
after passing through the authorization authentication of the interface N001 and the target client, the target client sends an interface calling request aiming at the interface N001 to an authorization server;
when the authorization server receives an interface call request of a target client for an interface N001, verifying the interface call request according to a preset verification rule;
if the verification is passed, the authorization server forwards an interface calling request aiming at an interface N001 to a service server, and simultaneously extracts and stores a client identifier and IP information in the interface calling request;
When receiving an interface call request for an interface N001, the service server judges that the service is a staged service scene, and extracts and acquires a target service scene label carried in the interface call request.
In the step S102, the service server extracts a target service scene tag carried in the interface call request, and generates a target encryption string corresponding to the target service scene tag.
Here, the target service scene tag includes information of all interfaces in the service scene.
After extracting the target service scene label, encrypting the target service scene label according to a preset encryption rule to obtain a target encryption string corresponding to the target service scene label.
In the interface authorization method described in the embodiment of the present application, the interface call request for the first target interface further carries an interface identifier of the first target interface;
the service server determines a target service scene according to the target service scene label, and the method further comprises the following steps:
and the service server determines a first target interface according to the interface identifier, and sends an interface return message aiming at an interface calling request to the target client so as to enable the target client to establish connection with the first target interface.
Here, in step S103, the service server conceals and attaches the generated target encryption string to an interface return message for the interface call request, and sends the interface return message to the target client, so that the target client obtains the target encryption string of the target service scenario.
That is, when the target client calls the first target interface for the first time and establishes a connection with the first target interface, the target encryption string is hidden and attached to an interface return message for the interface call request, and then sent to the target client.
And the target client receives the interface return message aiming at the interface call request, analyzes the interface return message, analyzes the target encryption string and obtains the interface information in the service scene.
When the target client needs to call a second target interface in the service scene, the received target encryption string is hidden and attached to a first interface authorization request aiming at the second target interface, and the first interface authorization request is sent to the service server and forwarded to the authorization server by the service server.
In step S104, when the authorization server receives a first interface authorization request for a second target interface sent by a target client, if it is determined that the first interface authorization request meets a preset authorization authentication condition according to a client identifier, IP information, and a target encryption string of a target service scenario carried in the first interface authorization request, the authorization is performed through the first interface authorization request.
Referring to fig. 4, fig. 4 shows a flowchart of a method for determining whether the first interface authorization request meets a preset authorization authentication condition according to the embodiment of the present application, specifically, as shown in fig. 4, determining whether the first interface authorization request meets the preset authorization authentication condition according to a client identifier, IP information, and a target encryption string of a target service scenario carried in the first interface authorization request includes:
s401, the authorization server respectively judges whether the client identification and the IP information carried in the first interface authorization request are the same as the client identification and the IP information corresponding to the first target interface which passes the authorization aiming at the target client;
s402, if the target encryption strings are the same, extracting target encryption strings in the first interface authorization request, analyzing to obtain service scene labels corresponding to the target encryption strings, and judging whether the analyzed scene labels conform to the pre-configured service scene labels or not;
s403, if yes, judging that the first interface authorization request meets a preset authorization authentication condition.
And analyzing the target encryption string to obtain a scene label corresponding to the target encryption string, and specifically, analyzing the target encryption string by the authorization server according to a preset decryption rule to obtain a service scene label of the first interface authorization request.
Specifically, in some embodiments, a service scenario label of each service scenario in the service server is preconfigured in the authorization server. Judging whether the scene label obtained by analysis accords with a pre-configured service scene label or not, specifically: and judging whether the service scene label obtained by analysis exists in a pre-configured service scene label or not.
Here, an interface in the staged service scenario is still taken as an example. When receiving an interface call request aiming at an interface N001, a service server judges that the interface call request is a staged service scene, and extracts and acquires a staged service scene label carried in the interface call request; then, the service server generates a target encryption string corresponding to the staged service scene label according to a preset encryption rule;
the service server conceals and attaches the target encryption string to an interface return message of an interface call request aiming at an interface N001, and sends the interface return message to the target client so that the target client obtains the target encryption string of the staged service scene;
when the client subsequently needs to call query information of other interfaces N003, N004 and the like in the staged service scene, an interface call request aiming at the interface N003 for the first time is sent to a service server in an exemplary manner; the service server sends a first interface call request aiming at an interface N003 as a first interface authorization request to an authorization server; meanwhile, a target encryption string and an interface number of the staging service scene are requested to be attached to the interface call request aiming at the interface N003 for the first time;
The authorization server analyzes the first interface authorization request to obtain a client identifier, IP information and a target encryption string; firstly, searching whether the analyzed client identification and IP information exist in the pre-stored client identification and IP information; if yes, the client is a client which the client side has passed the authorization authentication; then analyzing the target encryption string to obtain a staged service scene label, and if the analyzed staged service scene label also exists in a pre-configured service scene label, indicating that the client has been in butt joint with at least one interface in the staged service scene before;
based on the above, the authorization server automatically requests the first interface authorization request for the interface N003 through the client, without the need for the service side administrator to perform repeated authorization operations on multiple interfaces in one service scenario.
In this embodiment of the present application, after the service server extracts the target service scene tag in the interface call request and generates the target encryption string corresponding to the target service scene tag, the interface authorization method further includes:
acquiring an associated service scene tag associated with the target service scene tag according to a preset scene tag association relationship, and generating an associated encryption string corresponding to the associated service scene tag;
The service server conceals and attaches the generated target encryption string in an interface return message aiming at an interface call request, so that a target client receiving the interface return message obtains the target encryption string of the target service scene, and the method comprises the following steps: and the service server conceals and attaches the generated target encryption string and the generated associated encryption string in an interface return message aiming at the interface call request, so that a target client receiving the interface return message acquires the target encryption string of the target service scene and the associated encryption string of the associated service scene.
Correspondingly, when the authorization server receives a third interface authorization request which is sent by a target client and aims at a third target interface, if the third interface authorization request meets a preset authorization authentication condition according to a client identifier, IP information and a target encryption string of a target service scene carried in the third interface authorization request, authorizing the third interface authorization request to pass through the third interface authorization request.
That is, for some relevant business scenes in the business system, such as a staged transaction scene and a fund transaction scene, if the same client of the same client side has the same docking authority for two business scenes, when the client docks the interface of one scene for the first time, the relevant encryption string corresponding to the business scene label of the other scene can be sent to the client side, so that the client side can not only automatically dock with other interfaces of the business scene, but also automatically dock with the interfaces of the relevant business scene, thereby further improving the authorization efficiency of the business system.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an interface authorization device according to an embodiment of the present application; in the embodiment of the application, an interface authorization device is also provided and is applied to a service platform, wherein the service platform comprises a service server and an authorization server; as shown in fig. 5, the interface authorization device includes:
areceiving module 501, configured to enable the service server to receive an interface call request of a target client for a first target interface; the first target interface is an interface which is authorized to pass through for the target client;
thegenerating module 502 is configured to enable the service server to extract a target service scene tag carried in the interface call request, and generate a target encryption string corresponding to the target service scene tag;
afirst sending module 503, configured to enable the service server to hide and send the generated target encryption string in an interface return message for an interface call request, and send the interface return message to a target client, so that the target client obtains the target encryption string of the target service scenario;
and thefirst authorization module 504 is configured to, when the authorization server receives a first interface authorization request for a second target interface sent by a target client, determine that the first interface authorization request meets a preset authorization authentication condition according to a client identifier, IP information, and a target encryption string of a target service scenario carried in the first interface authorization request, and authorize the first interface authorization request to pass through the first interface authorization request.
In some embodiments, in the interface authorization device, the interface call request for the first target interface further carries an interface identifier of the first target interface; the apparatus further comprises:
and the second sending module is used for determining the first target interface according to the interface identifier after the service server receives the interface calling request of the target client for the first target interface, and sending an interface return message for the interface calling request to the target client so as to enable the target client to establish connection with the first target interface.
In some embodiments, in the interface authorization device, the authorization module is specifically configured to, when determining, according to a client identifier, IP information, and a target encryption string of a target service scenario carried in the first interface authorization request, whether the first interface authorization request meets a preset authorization authentication condition:
respectively judging whether the client identification and the IP information carried in the first interface authorization request are the same as the client identification and the IP information corresponding to the first target interface which passes the target client authorization;
if the target encryption strings are the same, extracting target encryption strings in the first interface authorization request, analyzing to obtain service scene labels corresponding to the target encryption strings, and judging whether the analyzed scene labels accord with preset service scene labels or not;
If yes, judging that the first interface authorization request meets a preset authorization authentication condition.
In some embodiments, the interface authorization device further comprises:
the first acquisition module is used for acquiring client identification and IP information corresponding to a first target interface which is authorized to pass by aiming at a target client; specifically, the first obtaining module is configured to verify, when the authorization server receives an interface call request of the target client for the first target interface, the interface call request according to a preset verification rule;
if the authentication is passed, the authorization server forwards the interface call request to a service server, and simultaneously extracts and stores the client identification and the IP information in the interface call request.
In some embodiments, the interface authorization device further comprises:
the second authorization module is used for enabling the authorization server to receive a second interface authorization request of the target client for the first target interface; and causing the authorization server to receive a determining authorization operation for the second interface authorization request, authorizing the request through the second interface.
In some embodiments, the interface authorization device further comprises:
The second acquisition module is used for acquiring an associated service scene tag associated with the target service scene tag according to a preset scene tag association relation after extracting the target service scene tag in the interface call request and generating a target encryption string corresponding to the target service scene tag, and generating an associated encryption string corresponding to the associated service scene tag;
correspondingly, the first sending module conceals and attaches the generated target encryption string in an interface return message aiming at an interface call request, so that a target client receiving the interface return message obtains the target encryption string of the target service scene, and the first sending module is specifically used for: and the service server conceals and attaches the generated target encryption string and the generated associated encryption string in an interface return message aiming at the interface call request, so that a target client receiving the interface return message acquires the target encryption string of the target service scene and the associated encryption string of the associated service scene.
Correspondingly, the interface authorization device further comprises:
and the third authorization module is used for authorizing the request to pass through the third interface if judging that the third interface authorization request meets the preset authorization authentication condition according to the client identifier, the IP information and the target encryption string of the target service scene carried in the third interface authorization request when the authorization server receives the third interface authorization request aiming at the third target interface and sent by the target client.
Fig. 6 shows a schematic structural diagram of an electronic device according to an embodiment of the present application; in an embodiment of the present application, there is also provided anelectronic device 600, including: aprocessor 602, amemory 601 and a bus, saidmemory 601 storing machine readable instructions executable by saidprocessor 602, saidprocessor 602 and saidmemory 601 communicating via the bus when theelectronic device 600 is running, said machine readable instructions when executed by saidprocessor 602 performing the steps of said interface authorization method.
In some embodiments, a computer readable storage medium is also provided, on which a computer program is stored, which computer program, when being executed by a processor, performs the steps of the interface authorization method.
It will be clearly understood by those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described system and apparatus may refer to corresponding procedures in the method embodiments, which are not described in detail in this application. In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, and the division of the modules is merely a logical function division, and there may be additional divisions when actually implemented, and for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, indirect coupling or communication connection of devices or modules, electrical, mechanical, or other form.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer readable storage medium executable by a processor. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a platform server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk, etc.
The foregoing is merely a specific embodiment of the present application, but the protection scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes or substitutions are covered in the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

CN202210745844.3A2022-06-282022-06-28Interface authorization method and device, electronic equipment and mediumActiveCN114978761B (en)

Priority Applications (1)

Application NumberPriority DateFiling DateTitle
CN202210745844.3ACN114978761B (en)2022-06-282022-06-28Interface authorization method and device, electronic equipment and medium

Applications Claiming Priority (1)

Application NumberPriority DateFiling DateTitle
CN202210745844.3ACN114978761B (en)2022-06-282022-06-28Interface authorization method and device, electronic equipment and medium

Publications (2)

Publication NumberPublication Date
CN114978761A CN114978761A (en)2022-08-30
CN114978761Btrue CN114978761B (en)2023-04-25

Family

ID=82965312

Family Applications (1)

Application NumberTitlePriority DateFiling Date
CN202210745844.3AActiveCN114978761B (en)2022-06-282022-06-28Interface authorization method and device, electronic equipment and medium

Country Status (1)

CountryLink
CN (1)CN114978761B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN102708319A (en)*2008-09-082012-10-03苹果公司Accessory device authentication
CN110149328A (en)*2019-05-222019-08-20平安科技(深圳)有限公司Interface method for authenticating, device, equipment and computer readable storage medium
US10572315B1 (en)*2016-08-292020-02-25Amazon Technologies, Inc.Application programming interface state management
CN114268478A (en)*2021-12-142022-04-01中国联合网络通信集团有限公司Call request authentication method, device, equipment and medium of edge cloud platform

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN102708319A (en)*2008-09-082012-10-03苹果公司Accessory device authentication
US10572315B1 (en)*2016-08-292020-02-25Amazon Technologies, Inc.Application programming interface state management
CN110149328A (en)*2019-05-222019-08-20平安科技(深圳)有限公司Interface method for authenticating, device, equipment and computer readable storage medium
CN114268478A (en)*2021-12-142022-04-01中国联合网络通信集团有限公司Call request authentication method, device, equipment and medium of edge cloud platform

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
黄伟民 ; 陈可新 ; .基于Token的物联网云平台系统身份认证机制研究.智库时代.2018,(42),全文.*

Also Published As

Publication numberPublication date
CN114978761A (en)2022-08-30

Similar Documents

PublicationPublication DateTitle
CN110912938B (en)Access verification method and device for network access terminal, storage medium and electronic equipment
CN109471865B (en)Offline data management method, system, server and storage medium
US8977844B2 (en)Smartcard formation with authentication keys
CN108769171B (en)Copy keeping verification method, device, equipment and storage medium for distributed storage
CN110221949B (en)Automatic operation and maintenance management method, device, equipment and readable storage medium
CN112838951B (en)Operation and maintenance method, device and system of terminal equipment and storage medium
CN111586021B (en)Remote office business authorization method, terminal and system
JP2018517982A (en) Automatic recharge system, method and server
CN109213901A (en)A kind of method of data synchronization, device, equipment and the medium of block chain
CN105791249A (en)Third-party application processing method, device and system
CN112380501B (en)Equipment operation method, device, equipment and storage medium
CN111522580A (en)Method and device for establishing code branch and computer equipment
JP2019192190A (en)Cloud scraping system and method using pre-scraped big data, and computer program therefor
CN109213612B (en)Invoice issuing method and system based on webservice interface
CN114978761B (en)Interface authorization method and device, electronic equipment and medium
CN104021497A (en)Train fault overhaul terminal system based on mobile terminal
CN112636954B (en)Server upgrading method and device
CN101924794A (en)Internet based method for monitoring total software operation quantity in real time
CN112926047A (en)Authorization control method and device for localized deployment product, electronic equipment and medium
CN111030816A (en)Authentication method and device for access platform of evidence obtaining equipment and storage medium
CN107809424B (en)On-site certificate storing method and device and related certificate storing system
CN114254300B (en) A method and system for securely collecting data from long-distance pipelines
CN107154930B (en)Method and system for testing vulnerability
CN116916310A (en)Verification code generation and verification method and device and electronic equipment
CN111382050B (en)Network service interface testing method and device

Legal Events

DateCodeTitleDescription
PB01Publication
PB01Publication
SE01Entry into force of request for substantive examination
SE01Entry into force of request for substantive examination
GR01Patent grant
GR01Patent grant
[8]ページ先頭
©2009-2025 Movatter.jp