CN108259432A - Management method, device and system for API calls - Google Patents
- Publication number: CN108259432A
- Application number: CN201611245648.0A
- Authority: CN (China)
- Prior art keywords: api, account number, token, target, management
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
Abstract
The invention discloses a method for managing API calls. An API gateway receives a call request for a target API sent by user equipment; the call request carries a call token and a platform account. The call token is the access-permission information for the target API obtained when subscribing to the target application, and the platform account is the account on the API management platform associated with the primary account registered for the target application. The API gateway authenticates the call token and the platform account through the API management platform. After authentication succeeds, the API gateway calls the business logic interface corresponding to the target API; the business logic interface is used by the user equipment to access the target application. The solution provided by the embodiments of the invention allows only authenticated users to call the API, which improves the security of API calls.
Description
Technical field
The present invention relates to the field of Internet technologies, and in particular to a method, device and system for managing API calls.
Background
With the rapid development of the smartphone industry, almost every mobile phone runs applications (APPs); for example, the Taobao APP and the Alipay APP are installed on many phones. In use, an APP often calls application programming interfaces (Application Programming Interface, API), and the service-handling capabilities that the APIs provide let the APP offer various convenient services. While such APPs provide convenient services to users, problems such as viruses and theft of user information follow. At present, the open state of some APIs allows many APPs to capture information such as users' personal information and address books, and even to invoke calling and SMS-sending capabilities. This in effect infringes users' right to their personal information, and the personal information of people who are not users of the APP can also be exposed.
In addition, when users use an APP they directly or indirectly use APIs that are in an open state. These open APIs are exposed on the public network, so communication with the mobile clients connected to them may be eavesdropped, which can lead to user information being maliciously attacked or leaked.
At present, users can call APIs arbitrarily when using an APP, and APIs currently offer no protection at all with respect to APPs, which inevitably creates serious information-security risks. It is therefore necessary to find a way to manage APIs.
Summary of the invention
To solve the prior-art problem that users can call APIs arbitrarily when using an APP, which poses a significant information-security risk, embodiments of the present invention provide a method, device and system for managing API calls. They authenticate the permissions of the user calling an API and allow only authenticated users to call the API, which improves the security of API calls. Embodiments of the present invention also provide the corresponding devices and system.
A first aspect of the present invention provides a method for managing API calls. The management method is applied to an application programming interface (API) management system that includes an API management platform and an API gateway, and the management method includes:
The API gateway receives a call request for a target API sent by user equipment. The call request carries a call token and a platform account; the call token is the access-permission information for the target API obtained when subscribing to the target application, and the platform account is the account on the API management platform associated with the primary account registered for the target application;
The API gateway authenticates the call token and the platform account through the API management platform;
After authentication succeeds, the API gateway calls the business logic interface corresponding to the target API; the business logic interface is used by the user equipment to access the target application.
A second aspect of the present invention provides a method for managing API calls. The management method is applied to an application programming interface (API) management system that includes an API management platform and an API gateway, and the management method includes:
The API management platform receives a platform registration request for a target application sent by user equipment; the platform registration request carries the primary account registered for the target application;
The API management platform allocates a corresponding platform account according to the primary account;
The API management platform receives a subscription request, sent by user equipment, for a target API in the target application; the subscription request carries the platform account;
The API management platform allocates a call token according to the subscription request and records the correspondence between the platform account and the call token; the call token serves as the access-permission information for the target API;
The platform account and the call token are used by the API gateway to authenticate the call request for the target API sent by the user equipment.
A third aspect of the present invention provides an API gateway. The API gateway is applied to an API management system that further includes an API management platform, and the API gateway includes:
A receiving unit, configured to receive a call request for a target API sent by user equipment. The call request carries a call token and a platform account; the call token is the access-permission information for the target API obtained when subscribing to the target application, and the platform account is the account on the API management platform associated with the primary account registered for the target application;
An authentication unit, configured to authenticate, through the API management platform, the call token and the platform account received by the receiving unit;
A calling unit, configured to call, after the authentication unit's authentication succeeds, the business logic interface corresponding to the target API; the business logic interface is used by the user equipment to access the target application.
A fourth aspect of the present invention provides an API management platform. The API management platform is applied to an API management system that further includes an API gateway, and the API management platform includes:
A receiving unit, configured to receive a platform registration request for a target application sent by user equipment; the platform registration request carries the primary account registered for the target application;
An allocation unit, configured to allocate a corresponding platform account according to the primary account received by the receiving unit;
The receiving unit is further configured to receive a subscription request, sent by user equipment, for a target API in the target application; the subscription request carries the platform account;
The allocation unit is further configured to allocate a call token according to the subscription request received by the receiving unit;
A recording unit, configured to record the correspondence between the platform account allocated by the allocation unit and the call token; the call token serves as the access-permission information for the target API. The platform account and the call token are used by the API gateway to authenticate the call request for the target API sent by the user equipment.
A fifth aspect of the present invention provides an API management system that includes an API management platform and an API gateway;
The API gateway is the API gateway described in the third aspect above;
The API management platform is the API management platform described in the fourth aspect above.
Compared with the prior art, in which users can call API interfaces arbitrarily when using an APP and serious security risks exist, in the embodiments of the present invention the API gateway first authenticates the user's access permission for the target API, and the real business logic interface can be called only after authentication succeeds. Only authenticated users are allowed to call the API, which improves the security of API calls.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Evidently, the drawings described below show only some embodiments of the present invention, and those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an embodiment of the API management system;
Fig. 2 is a schematic diagram of an embodiment of managing the data in the API management platform;
Fig. 3 is a schematic diagram of an embodiment of managing publishing data;
Fig. 4 is a schematic diagram of an embodiment of managing subscription data;
Fig. 5 is a schematic diagram of an embodiment of the method for managing API calls;
Fig. 6 is a schematic diagram of another embodiment of the method for managing API calls;
Fig. 7 is a schematic diagram of the API monitoring process;
Fig. 8 is a schematic diagram of the layered structure of the API management system;
Fig. 9 is a schematic diagram of another embodiment of the method for managing API calls;
Fig. 10 is a schematic diagram of another embodiment of the method for managing API calls;
Fig. 11 is a schematic diagram of another embodiment of the method for managing API calls;
Fig. 12 is a schematic diagram of another embodiment of the method for managing API calls;
Fig. 13 is a schematic diagram of an embodiment of the API gateway;
Fig. 14 is a schematic diagram of another embodiment of the API gateway;
Fig. 15 is a schematic diagram of another embodiment of the API gateway;
Fig. 16 is a schematic diagram of an embodiment of the API management platform;
Fig. 17 is a schematic diagram of another embodiment of the API management platform;
Fig. 18 is a schematic diagram of another embodiment of the API management platform;
Fig. 19 is a schematic diagram of another embodiment of the API management platform;
Fig. 20 is a schematic diagram of another embodiment of the API management platform.
Detailed description
Embodiments of the present invention provide a method, device and system for managing API calls that authenticate the permissions of the user calling an API and allow only authenticated users to call the API, which improves the security of API calls. Embodiments of the present invention also provide the corresponding devices and system. Each is described in detail below.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Evidently, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments that those skilled in the art obtain from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
An API is a set of definitions, programs and protocols; APIs enable computer software to communicate with each other. One major function of an API is to provide a general-purpose function set. Programmers develop applications by calling API functions, which reduces the programming workload. An API is also a kind of middleware that provides data sharing across different platforms.
Fig. 1 is a schematic diagram of an embodiment of the API management system of the present invention.
As shown in Fig. 1, an embodiment of the API management system provided by the present invention includes an API management platform 10, an API gateway 20, a business logic interface device 30 and a network 40. The API management platform 10, the API gateway 20 and the business logic interface device 30 are communicatively connected through the network 40. The API management platform 10 includes an API publishing device 101, an API subscription device 102, a management control device 103 and a database 104. The API subscription device 102 is equivalent to an API store and also corresponds to a token center; when a user subscribes to a target API, it can provide the user with the call token for the target API.
A token in the API store can be generated automatically when the user registers a platform account. Each platform account corresponds to one token with a validity period; when the token's validity period expires, the user can renew it.
The user equipment in the embodiments of the present invention may be an intelligent terminal such as a mobile phone, a PAD or a smartwatch, or a personal computer (Personal Computer, PC).
As shown in Fig. 1, an API publisher creates an API on their own user equipment 50 and then publishes it to the API publishing device 101 of the API management platform 10. The API publishing device 101 can store all the information about the APIs it publishes in the database 104.
The API publishing device 101 can also configure the API to the API subscription device 102, that is, to the API store, where API subscribers can query and subscribe to APIs through their own user equipment 60.
To subscribe to APIs on the API management platform 10 through user equipment 60, a user must first complete a registration process on the API management platform 10. To use a target APP, a user usually first registers an account for the target APP; the account registered for the target APP is called the primary account in the embodiments of the present invention. To use the API management platform 10 after registering the primary account, the user also needs to register a platform account on the API management platform 10. The platform account can be registered from the primary account as follows: the user, through user equipment 60, sends a platform registration request for the target application to the management control device 103 in the API management platform 10; the platform registration request carries the primary account registered for the target application. The management control device 103 allocates a corresponding platform account according to the primary account and saves the correspondence between the primary account and the platform account in the database 104.
After obtaining the platform account, user equipment 60 can query APIs in the API store, subscribe to APIs, rate APIs and so on; the user's operations on APIs through user equipment 60 can also be stored in the database 104. After user equipment 60 sends a subscription request to the API subscription device 102, the API subscription device 102 can allocate a call token according to the subscription request and record the correspondence between the platform account and the call token; the call token serves as the access-permission information for the target API. The correspondence between the platform account and the call token can also be stored in the database 104.
When the user wants to call the target API through an APP on user equipment 60, the API gateway 20 receives the call request for the target API sent by user equipment 60. The call request carries a call token and a platform account; the call token is the access-permission information for the target API obtained when subscribing to the target application, and the platform account is the account on the API management platform associated with the primary account registered for the target application. The API gateway 20 authenticates the call token and the platform account through the API management platform. After authentication succeeds, the API gateway 20 calls, from the business logic interface device 30, the business logic interface corresponding to the target API; the business logic interface is used by the user equipment to access the target application.
Compared with the prior art, in which users can call API interfaces arbitrarily when using an APP and serious security risks exist, in the embodiments of the present invention the API gateway first authenticates the user's access permission for the target API, and the real business logic interface can be called only after authentication succeeds. Only authenticated users are allowed to call the API, which improves the security of API calls.
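The registration, subscription and call flow described above, sketched as an added Python example (not code from the patent). The class and method names, the in-memory storage, the per-(platform account, API) token record and the `contacts.read` API are assumptions made for illustration; the point is that the gateway rejects a token presented with a different platform account, a missing credential, or a token whose validity period has passed, before any business logic interface is reached.

```python
import hmac
import secrets
import time


class ManagementPlatform:
    """Stand-in for the API management platform (registration, subscription, token center)."""

    def __init__(self, token_ttl=3600, clock=time.time):
        self.token_ttl = token_ttl
        self.clock = clock                  # injectable so expiry can be exercised
        self.platform_by_primary = {}       # primary account -> platform account
        self.grants = {}                    # (platform account, API) -> (token, expiry)

    def register(self, primary_account):
        # Platform registration: allocate one platform account per primary account.
        if primary_account not in self.platform_by_primary:
            self.platform_by_primary[primary_account] = "plat-" + secrets.token_hex(8)
        return self.platform_by_primary[primary_account]

    def subscribe(self, platform_account, api):
        # Subscription: allocate a call token and record its link to the platform account.
        if platform_account not in self.platform_by_primary.values():
            raise PermissionError("unknown platform account")
        token = secrets.token_urlsafe(32)
        self.grants[(platform_account, api)] = (token, self.clock() + self.token_ttl)
        return token

    def renew(self, platform_account, api):
        # Renewal extends the validity period of the existing token.
        token, _ = self.grants[(platform_account, api)]
        self.grants[(platform_account, api)] = (token, self.clock() + self.token_ttl)

    def authenticate(self, platform_account, token, api):
        grant = self.grants.get((platform_account, api))
        if grant is None:
            return "not-subscribed"
        stored, expiry = grant
        # Constant-time comparison; the token must be the one recorded for this account.
        if not hmac.compare_digest(stored.encode(), str(token).encode()):
            return "bad-token"
        if self.clock() >= expiry:
            return "expired"
        return "ok"


class Gateway:
    """Stand-in for the API gateway: authenticate first, then map API to business logic."""

    def __init__(self, platform, routes):
        self.platform = platform
        self.routes = routes                # target API -> business logic interface

    def call(self, request):
        api = request.get("api")
        verdict = self.platform.authenticate(
            request.get("platform_account"), request.get("token", ""), api)
        if verdict != "ok":
            return 401, verdict             # the business logic interface is never reached
        handler = self.routes.get(api)
        if handler is None:
            return 404, "no business logic interface"
        return 200, handler(request.get("params", {}))


def demo():
    now = [1000.0]                          # constructed clock, advanced by hand below
    platform = ManagementPlatform(token_ttl=60, clock=lambda: now[0])
    gateway = Gateway(platform, {"contacts.read": lambda params: {"contacts": ["carol"]}})

    alice = platform.register("alice@target-app")   # constructed primary accounts
    bob = platform.register("bob@target-app")
    alice_token = platform.subscribe(alice, "contacts.read")
    platform.subscribe(bob, "contacts.read")

    def request(account, token):
        return {"api": "contacts.read", "platform_account": account, "token": token}

    results = {
        "valid": gateway.call(request(alice, alice_token)),
        "token_with_other_account": gateway.call(request(bob, alice_token)),
        "no_credentials": gateway.call({"api": "contacts.read"}),
    }
    now[0] += 61                            # the token's validity period has passed
    results["expired"] = gateway.call(request(alice, alice_token))
    platform.renew(alice, "contacts.read")
    results["renewed"] = gateway.call(request(alice, alice_token))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```
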
The API management platform shown in Fig. 1 includes the API publishing device 101, the API subscription device 102 and the management control device 103. A platform administrator can use user equipment 70 to manage the data in the management control device 103 and the data in the database 104 related to the management control device 103.
Fig. 2 is a schematic diagram of an embodiment of managing the data in the API management platform.
As shown in Fig. 2, the platform administrator operates on user equipment 70 and, through the management control device 103, centrally manages the accounts, roles and permissions in the API management platform 10. This includes maintenance such as adding, deleting, modifying and looking up accounts. Roles in the API management platform 10 are roles such as API publisher and API subscriber; the roles in the API management platform 10 can be added, deleted, modified and looked up, and permissions can be assigned to users.
Fig. 3 is a schematic diagram of an embodiment of managing the publishing data in the API management platform.
As shown in Fig. 3, the API publisher operates on user equipment 50 and publishes APIs in the API management platform 10 through the API publishing device 101. Through the API publishing device 101 the publisher can also query published APIs and modify or delete them.
Fig. 4 is a schematic diagram of an embodiment of managing the subscription data in the API management platform.
As shown in Fig. 4, before calling an API, the subscriber must first subscribe to it with the subscriber's platform account. After subscribing, the API can be called and rated.
After logging in to the API subscription device 102, that is, the API store, the subscriber can query APIs and view API information. After subscribing to an API, the user can call it and can also rate it based on their experience of using it.
Fig. 5 is a schematic diagram of an embodiment of the method for managing API calls in the embodiments of the present invention.
As shown in Fig. 5, an API subscriber obtains a token from the API subscription device 102 through user equipment 60; the API subscription device 102 is also called the token center. The token can be obtained as follows: user equipment 60 sends an API subscription request to the API subscription device 102, and the API subscription device 102, according to the subscription request, returns to user equipment 60 the token for accessing the target API.
User equipment 60 obtains the token from the token center. When the API subscriber operates the APP to call the target API, user equipment 60 sends a call request to the API gateway 20; the call request carries the token and the subscriber's platform account. After receiving the call request, the API gateway 20 goes to the token center for authentication, and after authentication succeeds it calls the real business logic interface in the business logic interface device 30 that corresponds to the target API. The API subscriber can manage their own tokens in the API store, for example token issuance and token replacement.
Fig. 6 is a schematic diagram of another embodiment of the method for managing API calls in the embodiments of the present invention.
As shown in Fig. 6, after an API interface is published on the API publishing device 101, the API gateway 20 needs to publish it to users so that user equipment can call the API interface.
The process by which the API gateway publishes an API interface and manages API calls can be:
S1. The API publisher publishes an API through the API publishing device 101.
S2. An API publishing service component can be deployed on the API gateway. When the API publisher publishes an API through the API publishing device 101, the API publishing service component can be called to send the API gateway configuration information such as the address and port number of the business logic interface, the interface name, the parameter types and the parameter names.
S3. A mule-standalone container can also be deployed on the API gateway; the container can be used to store the files of the APIs published on the API gateway. After receiving an API publishing request, the API gateway can determine, based on the publisher account, whether the mule-standalone container contains a folder with the same name as the publisher account. If not, it creates a folder named after the publisher account and writes a configuration file, for example in mule-config.xml format, into it.
S4. The API gateway can use the IP of the API gateway as the address, allocate an independent port number for the publisher, generate the API interface address in a specified format, and associate the business logic interface information related to the API in the mule-config.xml file. mule-standalone can automatically hot-deploy this file. Once deployment completes, the API is published.
S5. User equipment can call the API published by the API gateway.
S6. Based on the correspondence between the API interface address and the business logic interface configured in the mule-config.xml file, the API gateway automatically matches the target business logic interface, thereby performing address translation, determining the real business logic interface and returning to the user equipment.
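Steps S2 to S6 as an added Python sketch (not the patent's code and not Mule's API). A temporary directory stands in for the mule-standalone container and a JSON file for mule-config.xml; the names, the first port 9000, the addresses and the naming rule for publisher accounts are assumptions. Because the publisher account is used as a folder name in S3, the sketch accepts only plain identifiers for it.

```python
import json
import re
import tempfile
from pathlib import Path

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")    # assumed rule for account and API names


class PublishingGateway:
    def __init__(self, container_dir, gateway_ip, first_port=9000):
        self.container = Path(container_dir)    # stands in for the mule-standalone container
        self.gateway_ip = gateway_ip
        self.next_port = first_port
        self.ports = {}                         # publisher account -> independent port
        self.routes = {}                        # (port, path) -> business logic interface

    def publish(self, publisher, api_name, backend_host, backend_port, interface):
        # S3: the publisher account becomes a folder name, so accept plain identifiers only.
        if not NAME_RE.fullmatch(publisher) or not NAME_RE.fullmatch(api_name):
            raise ValueError("invalid publisher account or API name")
        folder = self.container / publisher
        folder.mkdir(exist_ok=True)             # created only if it does not exist yet
        # S4: one independent port per publisher, API address in a fixed format.
        port = self.ports.setdefault(publisher, self.next_port)
        if port == self.next_port:              # a new publisher consumed this port
            self.next_port += 1
        backend = f"http://{backend_host}:{backend_port}/{interface}"
        self.routes[(port, "/" + api_name)] = backend
        # JSON stands in for the mule-config.xml file written into the publisher's folder.
        cfg_file = folder / "routes.json"
        cfg = json.loads(cfg_file.read_text()) if cfg_file.exists() else {}
        cfg["/" + api_name] = backend
        cfg_file.write_text(json.dumps(cfg, indent=2))
        return f"http://{self.gateway_ip}:{port}/{api_name}"

    def resolve(self, api_address):
        # S6: address translation from the published API address to the real interface.
        m = re.fullmatch(r"http://[^:/]+:(\d+)(/[^/?#]+)", api_address)
        if m is None:
            return None
        return self.routes.get((int(m.group(1)), m.group(2)))


def demo():
    with tempfile.TemporaryDirectory() as container:
        gw = PublishingGateway(container, "192.0.2.10")     # constructed addresses
        a1 = gw.publish("pub_a", "queryOrder", "198.51.100.7", 8080, "orderService/query")
        a2 = gw.publish("pub_a", "cancelOrder", "198.51.100.7", 8080, "orderService/cancel")
        a3 = gw.publish("pub_b", "getUser", "198.51.100.8", 8081, "userService/get")
        try:
            gw.publish("not a valid/name", "x", "198.51.100.7", 8080, "y")
            rejected = False
        except ValueError:
            rejected = True
        pub_a_cfg = json.loads((Path(container) / "pub_a" / "routes.json").read_text())
        return {
            "addresses": [a1, a2, a3],
            "resolved": gw.resolve(a1),
            "unknown": gw.resolve("http://192.0.2.10:9000/notPublished"),
            "folders": sorted(p.name for p in Path(container).iterdir()),
            "pub_a_paths": sorted(pub_a_cfg),
            "rejected": rejected,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
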
Therefore, based on the description of S2-S5, in the embodiments of the present invention, before the API gateway receives the call request for the target API sent by the user equipment, the management method can also include:
The API gateway receives the configuration information of the target API published by the API management platform;
The API gateway establishes, according to the configuration information, the correspondence between the target API and the corresponding business logic interface, and publishes the target API to users.
Based on S6 above, in the embodiments of the present invention, the API gateway calling the business logic interface corresponding to the target API can include:
The API gateway determines the business logic interface corresponding to the target API according to the preconfigured correspondence between APIs and business logic interfaces;
The API gateway calls the business logic interface corresponding to the target API.
The management of APIs described above includes the management processes for publishing APIs, subscribing to APIs and protecting APIs. In addition to these, the management process in the embodiments of the present invention can also include monitoring APIs; the API monitoring process in the embodiments of the present invention can be understood with reference to Fig. 7.
As shown in Fig. 7, the API management platform 10 further includes an API monitoring device.
M1. The API publisher queries the API call frequency on the API publishing device.
M2. The API publishing device queries the API call frequency through the API monitoring device.
M3. The API monitoring device queries the API call frequency.
M4. The API monitoring device returns the query result for the API call frequency.
M5. The API publishing device displays the API call frequency as a chart.
M6. The API publisher queries the API response time.
M7. The API publishing device queries the API response time through the API monitoring device.
M8. The API monitoring device queries the API response time.
M9. The API monitoring device returns the API response time.
M10. The API publishing device displays the API response time as a chart.
In the embodiments of the present invention, APIs are monitored, and the query results for the API call frequency and the API response time can be presented to the API publisher as charts, so that the API publisher can optimize the API.
Based on the description of M1 to M10, the API management platform in the embodiments of the present invention receives a management instruction for the target API sent by the API publishing device; the management instruction may be a call-frequency query instruction, an API response-time query instruction and so on. The API management platform manages the target API according to the management instruction; that is, it can query the API's call frequency based on the call-frequency query instruction and the API's response time based on the response-time query instruction.
The above describes the method for managing API calls in the embodiments of the present invention from the perspective of the hardware architecture of the API management system. If the API management system is instead divided into layers, it can be understood with reference to Fig. 8.
As shown in Fig. 8, divided by layer, the API management system can include an API management layer and an API component layer. The API management layer includes account management, permission management, role management, API management, API subscription and API monitoring analysis. The API component layer includes a management component, a publishing component, a key component (key manager), which is also called the token management component, the API gateway, a monitoring analysis component and a database. The API management layer can manage users' accounts, permissions and roles, manage API publishing and subscription, and monitor and analyze published APIs. The API component layer assists the API management layer in managing API calls and so on. Only after passing API authentication can a call reach the business logic interface provided by the target business logic interface provider.
As shown in Fig. 8, the target business logic interface provider provides multiple business logic interfaces. The API gateway can determine the business logic interface corresponding to the target API according to the correspondence between APIs and business logic interfaces, and call it.
The business logic interfaces may be provided by a 4A platform; a 4A platform is a unified security management platform covering authentication, account, authorization and audit. The API gateway can rely on the key manager when authenticating API call requests. As shown in Fig. 9, another embodiment of the method for managing API calls provided by the embodiments of the present invention includes:
The Palmtop operation in Fig. 9 is the user equipment that calls the API. The API publisher publishes APIs on the API management platform; the API management platform configures the APIs published by the API publisher to the API store; management staff manage the API management platform. When Palmtop operation calls an API, it first calls the target API published on the API gateway. The API gateway can authenticate the call token in the call request through the key manager and, after authentication succeeds, calls the actual business interface provided by the 4A platform. The key manager is the underlying container for generating and managing token keys.
The network topology of the method for managing API calls provided by the embodiments of the present invention can also be represented by Fig. 10. As shown in Fig. 10, for API publishing, API subscription and the back-end administrator's management of the API platform, refer to the descriptions in the preceding embodiments; they are not repeated here. Interface subscribers connect to the API gateway through the access network. The API gateway can use the authentication information, such as token information, stored in the database (Oracle primary) or (Oracle standby) to authenticate the call token in the call request and, after authentication succeeds, calls the actual business interface provided by the 4A platform. While Oracle primary is working normally, Oracle standby is in standby state; Oracle standby is started only when Oracle primary becomes abnormal.
Described from the perspective of the APP service, another embodiment of the API call management method provided in an embodiment of the present invention can also be described by Figure 11. As shown in Figure 11, the user equipment accesses the online O&M gateway through the network. The role of the Palmtop operation gateway is to confirm whether the primary account number of the user's APP is registered on the 4A platform. If it is registered on the 4A platform, the Palmtop operation gateway forwards the call request to the API gateway, encapsulating in the call request the platform account number corresponding to the primary account number and the calling token. The API gateway authenticates the platform account number and the calling token and, after authentication passes, calls the service logic interface of the corresponding target API and returns it to the user equipment through the Palmtop operation gateway and the network.
In the embodiment of the present invention, the user equipment may also access the 4A system before registering a platform account number on the API management platform. Obtaining the ticket of the 4A system is outside the scope of this application and is not described in detail here.
In addition to authenticating the platform account number and the calling token, the embodiment of the present invention may also include, but is not limited to, the following preventive measures:
1. SQL injection prevention:
Every place in the system provided by the embodiment of the present invention that accepts external parameters is identified one by one, so that dangerous characters are filtered out. For example, a "forbidden character string list" is defined in a global function; the list enumerates the character strings that SQL attack code may contain and that are to be filtered out.
2. Cross-site scripting prevention:
All input fields in the system provided by the embodiment of the present invention use server-side whitelisting. If special characters are necessary, they should be converted to a safer form, for example by HTML encoding suitable for various languages. In addition, suspicious character strings undergo strengthened checking and conversion, and the following operations are further performed:
(1) strengthened checking of the input parameters of each page;
(2) for parameters that were originally checked only on the client, further strengthened checking on the server;
(3) finally, a global encoding and filtering function is provided.
3. Request source verification:
The system provided in the embodiment of the present invention checks the HTTP Referer header, and requests whose source does not meet the system requirements are denied access.
4. File upload filtering:
In the embodiment of the present invention, file formats are subject to strict blacklist filtering and verification. Files in formats including but not limited to sh, bat, sql, zip, rar, tar, tar.gz and 7z are absolutely prohibited from upload. If a particular business function (such as batch import) requires uploads, filtering is done by whitelist, allowing only xls or xlsx files to be uploaded.
5. Brute-force protection for static passwords:
Time and count thresholds are set; if the number of consecutive login failures for the same account number within the unit time exceeds the threshold, the account number is locked.
6. Brute-force protection for verification codes: each verification code is used only once; whether verification succeeds or fails, the code is cleared after verification.
7. Unauthorized access prevention:
A token is added to the system pages, and the token is authenticated on the back end to prevent unauthorized access.
8. Other preventive measures:
Context-logic protection is applied according to the actual business; for example, the password change function may not be requested directly in a way that bypasses verification of the original password.
For malicious penetration probing, DDoS attacks and the like from the external network, IDS, IPS, honeypot and anti-DDoS systems are deployed to capture and record the relevant behavior, and the requesting source address is blocked in real time through linkage with the firewall.
At the network layer, all ports and services other than the system's external service ports are closed to prevent attacks that exploit operating-system-level vulnerabilities.
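The threshold lockout of item 5 and the single-use verification code of item 6, sketched in Python as an added example (not code from the patent). The class and method names, the default thresholds of five failures in 300 seconds and the six-digit code format are assumptions chosen for illustration.

```python
import hmac
import secrets
import time


class LoginGuard:
    """Illustrative guard; all names and default thresholds are assumptions."""

    def __init__(self, max_failures=5, window_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self._clock = clock
        self._failures = {}   # account number -> timestamps of consecutive failures
        self._locked = set()  # account numbers locked until unlock() is called
        self._codes = {}      # session id -> outstanding verification code

    # Item 6: a verification code is valid for exactly one check.
    def issue_code(self, session_id):
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[session_id] = code  # replaces any older code for the session
        return code

    def check_code(self, session_id, supplied):
        # pop() clears the stored code whether or not the comparison succeeds,
        # so a wrong guess cannot be followed by further guesses at the same code.
        expected = self._codes.pop(session_id, None)
        if expected is None or not isinstance(supplied, str):
            return False
        return hmac.compare_digest(expected.encode(),
                                   supplied.encode("utf-8", "replace"))

    # Item 5: lock the account once consecutive failures inside the time
    # window exceed the count threshold.
    def record_login(self, account, success):
        if account in self._locked:
            return "locked"  # even a correct password is refused while locked
        if success:
            self._failures.pop(account, None)  # a success breaks the run
            return "ok"
        now = self._clock()
        recent = [t for t in self._failures.get(account, [])
                  if now - t < self.window_seconds]
        recent.append(now)
        self._failures[account] = recent
        if len(recent) > self.max_failures:
            self._locked.add(account)
            return "locked"
        return "failed"

    def unlock(self, account):
        # Administrative unlock; the patent does not say how a lock is lifted.
        self._locked.discard(account)
        self._failures.pop(account, None)
```
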
Figure 12 is a schematic diagram of another embodiment of the API call management method in the embodiment of the present invention.
As shown in Figure 12, another embodiment of the API call management method provided in an embodiment of the present invention includes:
201. The API management platform receives a platform registration request for the intended application sent by the user equipment; the platform registration request carries the primary account number used to register the intended application.
202. The API management platform allocates the corresponding platform account number according to the primary account number.
203. The API management platform returns the platform account number.
204. The API management platform receives a subscription request, sent by the user equipment, for the target API in the intended application; the subscription request carries the platform account number.
205. The API management platform allocates a calling token according to the subscription request and records the correspondence between the platform account number and the calling token; the calling token is the access authority information for the target API.
206. The API management platform returns the calling token.
207. The API gateway receives a call request for the target API sent by the user equipment; the call request carries the calling token and the platform account number.
The calling token is the access authority information for the target API obtained when subscribing to the intended application, and the platform account number is the account number on the API management platform associated with the primary account number used to register the intended application.
There may also be other equipment between the user equipment and the API gateway, such as a Palmtop operation gateway. The API call request sent by the user equipment may carry only the primary account number; the Palmtop operation gateway determines the corresponding platform account number and calling token from the primary account number and encapsulates the platform account number and the calling token into the API call request.
208. The API gateway authenticates the calling token and the platform account number through the API management platform.
209. After authentication passes, the API gateway calls the service logic interface corresponding to the target API.
210. The API gateway returns the called service logic interface to the user equipment; the service logic interface is used by the user equipment to access the intended application.
In the prior art, a user using an APP can call API interfaces arbitrarily, which poses a great security risk. By comparison, the embodiment of the present invention first uses the API gateway to authenticate the user's access rights to the target API, and the real service logic interface can be called only after authentication passes. Only users who pass authentication are allowed to call the API, which improves the security of API calls.
From the perspective of the API gateway:
Optionally, the API gateway authenticating the calling token and the platform account number through the API management platform may include:
The API gateway sends the platform account number and the calling token to the API management platform, so that the API management platform looks up the token corresponding to the platform account number in the database and, when the token found is identical to the calling token, determines whether the calling token has expired;
When the API management platform determines that the calling token has not expired, the API gateway receives the lookup result sent by the API management platform;
The API gateway determines, according to the lookup result, that the calling token and the platform account number pass authentication.
Optionally, the API gateway calling the service logic interface corresponding to the target API may include:
The API gateway determines the service logic interface corresponding to the target API according to the preconfigured correspondence between APIs and service logic interfaces;
The API gateway calls the service logic interface corresponding to the target API.
Optionally, before the API gateway receives the call request for the target API sent by the user equipment, the management method may also include:
The API gateway receives the configuration information of the target API published by the API management platform;
The API gateway establishes, according to the configuration information, the correspondence between the target API and the corresponding service logic interface, and publishes the target API to users.
From the perspective of the API management platform:
Optionally, the method further includes:
The API management platform receives an authentication request sent by the API gateway; the authentication request carries the platform account number and the calling token;
The API management platform looks up the token corresponding to the platform account number in the database;
When the token found is identical to the calling token, the API management platform determines whether the calling token has expired;
When it is determined that the calling token has not expired, a lookup result is sent to the API gateway; the lookup result indicates that the calling token and the platform account number pass authentication.
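Steps 201 to 210 and the authentication detail above, as a minimal in-memory Python sketch added here for illustration; it is not code from the patent. The class and method names, the one-hour token lifetime, the random token and account formats and the keying of the stored token by both platform account number and API name are assumptions.

```python
import hmac
import secrets
import time


class ApiManagementPlatform:
    """Registers accounts, issues calling tokens and answers authentication requests."""

    def __init__(self, token_ttl=3600, clock=time.time):
        self._ttl = token_ttl   # assumed lifetime; the patent only says tokens expire
        self._clock = clock
        self._accounts = {}     # primary account number -> platform account number
        self._platform_ids = set()
        self._tokens = {}       # (platform account, API name) -> (token, expiry time)

    def register(self, primary_account):
        # Steps 201-203: allocate and return the platform account number.
        if primary_account not in self._accounts:
            platform_account = "plat-" + secrets.token_hex(8)
            self._accounts[primary_account] = platform_account
            self._platform_ids.add(platform_account)
        return self._accounts[primary_account]

    def subscribe(self, platform_account, api_name):
        # Steps 204-206: allocate a calling token and record the correspondence.
        if platform_account not in self._platform_ids:
            raise PermissionError("unknown platform account number")
        token = secrets.token_urlsafe(32)
        self._tokens[(platform_account, api_name)] = (token, self._clock() + self._ttl)
        return token

    def authenticate(self, platform_account, api_name, calling_token):
        # Look up the stored token, compare it, then check expiry.
        record = self._tokens.get((platform_account, api_name))
        if record is None or not isinstance(calling_token, str):
            return False
        stored, expiry = record
        same = hmac.compare_digest(stored.encode(),
                                   calling_token.encode("utf-8", "replace"))
        return same and self._clock() < expiry


class ApiGateway:
    """Authenticates each call through the platform before invoking the back end."""

    def __init__(self, platform):
        self._platform = platform
        self._routes = {}       # API name -> service logic interface (a callable here)

    def publish(self, api_name, service_logic_interface):
        # Configuration received from the platform: API -> service logic interface.
        self._routes[api_name] = service_logic_interface

    def call(self, api_name, platform_account, calling_token, *args):
        # Steps 207-210: authenticate first; the back end is reached only on success.
        handler = self._routes.get(api_name)
        if handler is None:
            raise LookupError("API not published on this gateway")
        if not self._platform.authenticate(platform_account, api_name, calling_token):
            raise PermissionError("authentication failed")
        return handler(*args)
```

A token issued for one API is rejected for another because the stored record is keyed by API name as well as account, which is one way to read "access authority information for the target API".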
Optionally, before the API management platform receives the subscription request, sent by the user equipment, for the target API in the intended application, the method further includes:
The API management platform receives the configuration information of the target API sent by the API distribution apparatus; after the configuration information is sent to the API gateway, it is used by the API gateway to establish the correspondence between the target API and the corresponding service logic interface;
The API management platform configures the target API to the API subscription equipment in the API management platform; the APIs in the API subscription equipment are available for users to subscribe to.
Optionally, the method further includes:
The API management platform receives a management instruction for the target API sent by the API distribution apparatus;
The API management platform manages the target API according to the management instruction.
Optionally, the method further includes:
The API management platform receives an operation instruction for the target API sent by the user equipment;
The API management platform performs the corresponding operation on the target API according to the operation instruction.
The API call management method described in this embodiment of the present invention can be understood with reference to the related descriptions of Fig. 1 to Figure 11 above, and is not repeated here.
Referring to Figure 13, the API gateway 80 provided in an embodiment of the present invention is applied to an API management system, the API management system further includes an API management platform, and the API gateway 80 includes:
A receiving unit 801, configured to receive a call request for the target API sent by the user equipment, where the call request carries a calling token and a platform account number, the calling token is the access authority information for the target API obtained when subscribing to the intended application, and the platform account number is the account number on the API management platform associated with the primary account number used to register the intended application;
An authenticating unit 802, configured to authenticate, through the API management platform, the calling token and the platform account number received by the receiving unit 801;
A call unit 803, configured to call, after the authenticating unit 802 passes authentication, the service logic interface corresponding to the target API, where the service logic interface is used by the user equipment to access the intended application.
In the prior art, a user using an APP can call API interfaces arbitrarily, which poses a great security risk. By comparison, the embodiment of the present invention first uses the API gateway to authenticate the user's access rights to the target API, and the real service logic interface can be called only after authentication passes. Only users who pass authentication are allowed to call the API, which improves the security of API calls.
Optionally, referring to Figure 14, the API gateway further includes a transmitting element 804.
The transmitting element 804 is configured to send the platform account number and the calling token to the API management platform, so that the API management platform looks up the token corresponding to the platform account number in the database and, when the token found is identical to the calling token, determines whether the calling token has expired;
The receiving unit 801 is configured to receive the lookup result sent by the API management platform when the API management platform determines that the calling token has not expired;
The authenticating unit 802 is configured to determine, according to the lookup result received by the receiving unit 801, that the calling token and the platform account number pass authentication.
Optionally, the call unit 803 is specifically configured to determine the service logic interface corresponding to the target API according to the preconfigured correspondence between APIs and service logic interfaces, and to call the service logic interface corresponding to the target API.
Optionally, referring to Figure 15, the API gateway 80 provided in an embodiment of the present invention further includes an establishing unit 805.
The receiving unit 801 is further configured to receive the configuration information of the target API published by the API management platform;
The establishing unit 805 is configured to establish, according to the configuration information received by the receiving unit 801, the correspondence between the target API and the corresponding service logic interface, and to publish the target API to users.
The above is a description from the perspective of the functional modules of the API gateway. In practice, the receiving unit 801 and the transmitting element 804 can be implemented by the I/O interfaces on the API gateway, and the authenticating unit 802, the call unit 803 and the establishing unit 805 can be implemented by a processor.
Referring to Figure 16, an embodiment of the present invention provides an application programming interface (API) management platform. The API management platform is applied to an API management system, the API management system further includes an API gateway, and the API management platform 90 includes:
A receiving unit 901, configured to receive a platform registration request for the intended application sent by the user equipment, where the platform registration request carries the primary account number used to register the intended application;
An allocation unit 902, configured to allocate the corresponding platform account number according to the primary account number received by the receiving unit 901;
The receiving unit 901 is further configured to receive a subscription request, sent by the user equipment, for the target API in the intended application, where the subscription request carries the platform account number;
The allocation unit 902 is configured to allocate a calling token according to the subscription request received by the receiving unit 901;
A recording unit 903, configured to record the correspondence between the platform account number allocated by the allocation unit 902 and the calling token, where the calling token is the access authority information for the target API; the platform account number and the calling token are used by the API gateway to authenticate the call request for the target API sent by the user equipment.
In the prior art, a user using an APP can call API interfaces arbitrarily, which poses a great security risk. By comparison, the embodiment of the present invention uses the API management platform to have the API gateway first authenticate the user's access rights to the target API, and the real service logic interface can be called only after authentication passes. Only users who pass authentication are allowed to call the API, which improves the security of API calls.
Optionally, referring to Figure 17, the API management platform 90 further includes a searching unit 904, a determination unit 905 and a transmitting element 906.
The receiving unit 901 is further configured to receive an authentication request sent by the API gateway, where the authentication request carries the platform account number and the calling token;
The searching unit 904 is configured to look up, in the database, the token corresponding to the platform account number received by the receiving unit 901;
The determination unit 905 is configured to determine whether the calling token has expired when the token found by the searching unit 904 is identical to the calling token;
The transmitting element 906 is configured to send a lookup result to the API gateway when the determination unit 905 determines that the calling token has not expired, where the lookup result indicates that the calling token and the platform account number pass authentication.
Optionally, referring to Figure 18, the API management platform 90 further includes a dispensing unit 907.
The receiving unit 901 is further configured to receive the configuration information of the target API sent by the API distribution apparatus; after the configuration information is sent to the API gateway, it is used by the API gateway to establish the correspondence between the target API and the corresponding service logic interface;
The dispensing unit 907 is configured to configure the target API to the API subscription equipment in the API management platform; the APIs in the API subscription equipment are available for users to subscribe to.
Optionally, referring to Figure 19, the API management platform 90 further includes an administrative unit 908.
The receiving unit 901 is further configured to receive a management instruction for the target API sent by the API distribution apparatus;
The administrative unit 908 is configured to manage the target API according to the management instruction received by the receiving unit 901.
Optionally, referring to Figure 20, the API management platform 90 further includes an operation execution unit 909.
The receiving unit 901 is further configured to receive an operation instruction for the target API sent by the user equipment;
The operation execution unit 909 is configured to perform the corresponding operation on the target API according to the operation instruction received by the receiving unit.
The above API management platform may be implemented by multiple devices, or the functions of the API distribution apparatus, the API subscription equipment and the management control device may be implemented by one large integrated device. Whatever the specific implementation form of the API management platform, each device can be implemented by corresponding software or hardware. For example, the receiving unit 901 and the transmitting element 906 can be implemented by the I/O interfaces on the relevant device, and the allocation unit 902, the recording unit 903, the searching unit 904, the determination unit 905, the dispensing unit 907, the administrative unit 908 and the operation execution unit 909 can be implemented by the processor on the relevant device.
The descriptions of the API gateway and the API management platform in Figure 13 to Figure 20 above can be understood with reference to the corresponding descriptions of Fig. 1 to Figure 11, and are not repeated here.
A person of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium can include ROM, RAM, a magnetic disk, an optical disc or the like.
The API call management method, equipment and system provided in the embodiments of the present invention have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present invention, and the description of the above embodiments is only intended to help understand the method of the present invention and its core idea. Meanwhile, for a person of ordinary skill in the art, there will be changes in the specific implementations and the scope of application according to the idea of the present invention. In conclusion, the content of this specification should not be construed as a limitation of the present invention.
Claims (19)
1. An API call management method, characterized in that the management method is applied to an application programming interface (API) management system, the API management system includes an API management platform and an API gateway, and the management method includes:
The API gateway receives a call request for a target API sent by user equipment, where the call request carries a calling token and a platform account number, the calling token is the access authority information for the target API obtained when subscribing to the intended application, and the platform account number is the account number on the API management platform associated with the primary account number used to register the intended application;
The API gateway authenticates the calling token and the platform account number through the API management platform;
After authentication passes, the API gateway calls the service logic interface corresponding to the target API, where the service logic interface is used by the user equipment to access the intended application.
2. The management method according to claim 1, characterized in that the API gateway authenticating the calling token and the platform account number through the API management platform includes:
The API gateway sends the platform account number and the calling token to the API management platform, so that the API management platform looks up the token corresponding to the platform account number in the database and, when the token found is identical to the calling token, determines whether the calling token has expired;
When the API management platform determines that the calling token has not expired, the API gateway receives the lookup result sent by the API management platform;
The API gateway determines, according to the lookup result, that the calling token and the platform account number pass authentication.
3. The management method according to claim 1 or 2, characterized in that the API gateway calling the service logic interface corresponding to the target API includes:
The API gateway determines the service logic interface corresponding to the target API according to the preconfigured correspondence between APIs and service logic interfaces;
The API gateway calls the service logic interface corresponding to the target API.
4. The management method according to claim 3, characterized in that before the API gateway receives the call request for the target API sent by the user equipment, the management method further includes:
The API gateway receives the configuration information of the target API published by the API management platform;
The API gateway establishes, according to the configuration information, the correspondence between the target API and the corresponding service logic interface, and publishes the target API to users.
5. An API call management method, characterized in that the management method is applied to an application programming interface (API) management system, the API management system includes an API management platform and an API gateway, and the management method includes:
The API management platform receives a platform registration request for an intended application sent by user equipment, where the platform registration request carries the primary account number used to register the intended application;
The API management platform allocates the corresponding platform account number according to the primary account number;
The API management platform receives a subscription request, sent by the user equipment, for a target API in the intended application, where the subscription request carries the platform account number;
The API management platform allocates a calling token according to the subscription request and records the correspondence between the platform account number and the calling token, where the calling token is the access authority information for the target API;
Wherein the platform account number and the calling token are used by the API gateway to authenticate the call request for the target API sent by the user equipment.
6. The management method according to claim 5, characterized in that the method further includes:
The API management platform receives an authentication request sent by the API gateway, where the authentication request carries the platform account number and the calling token;
The API management platform looks up the token corresponding to the platform account number in the database;
When the token found is identical to the calling token, the API management platform determines whether the calling token has expired;
When it is determined that the calling token has not expired, a lookup result is sent to the API gateway, where the lookup result indicates that the calling token and the platform account number pass authentication.
7. The management method according to claim 5 or 6, characterized in that before the API management platform receives the subscription request, sent by the user equipment, for the target API in the intended application, the method further includes:
The API management platform receives the configuration information of the target API sent by the API distribution apparatus; after the configuration information is sent to the API gateway, it is used by the API gateway to establish the correspondence between the target API and the corresponding service logic interface;
The API management platform configures the target API to the API subscription equipment in the API management platform; the APIs in the API subscription equipment are available for users to subscribe to.
8. The management method according to claim 7, characterized in that the method further includes:
The API management platform receives a management instruction for the target API sent by the API distribution apparatus;
The API management platform manages the target API according to the management instruction.
9. The management method according to claim 7, characterized in that the method further includes:
The API management platform receives an operation instruction for the target API sent by the user equipment;
The API management platform performs the corresponding operation on the target API according to the operation instruction.
10. An API gateway, characterized in that the API gateway is applied to an API management system, the API management system further includes an API management platform, and the API gateway includes:
A receiving unit, configured to receive a call request for a target API sent by user equipment, where the call request carries a calling token and a platform account number, the calling token is the access authority information for the target API obtained when subscribing to the intended application, and the platform account number is the account number on the API management platform associated with the primary account number used to register the intended application;
An authenticating unit, configured to authenticate, through the API management platform, the calling token and the platform account number received by the receiving unit;
A call unit, configured to call, after the authenticating unit passes authentication, the service logic interface corresponding to the target API, where the service logic interface is used by the user equipment to access the intended application.
11. The API gateway according to claim 10, characterized in that the API gateway further includes a transmitting element,
The transmitting element is configured to send the platform account number and the calling token to the API management platform, so that the API management platform looks up the token corresponding to the platform account number in the database and, when the token found is identical to the calling token, determines whether the calling token has expired;
The receiving unit is configured to receive the lookup result sent by the API management platform when the API management platform determines that the calling token has not expired;
The authenticating unit is configured to determine, according to the lookup result received by the receiving unit, that the calling token and the platform account number pass authentication.
12. The API gateway according to claim 10 or 11, characterized in that
The call unit is specifically configured to determine the service logic interface corresponding to the target API according to the preconfigured correspondence between APIs and service logic interfaces, and to call the service logic interface corresponding to the target API.
13. The API gateway according to claim 12, characterized in that the API gateway further includes an establishing unit,
The receiving unit is further configured to receive the configuration information of the target API published by the API management platform;
The establishing unit is configured to establish, according to the configuration information received by the receiving unit, the correspondence between the target API and the corresponding service logic interface, and to publish the target API to users.
14. a kind of API management platforms, which is characterized in that the API management platforms are applied to API and manage system, the API pipes
Reason system further includes API gateway, and the API management platforms include:
Receiving unit, for receiving the platform registration request to intended application of user equipment transmission, the platform registration request
It is middle to carry the primary account number for registering the intended application;
Allocation unit, the primary account number for being received according to the receiving unit distribute corresponding platform account number;
The receiving unit is additionally operable to receive the subscription request to target API in the intended application that user equipment is sent, institute
It states in subscription request and carries the platform account number;
Token is called in the allocation unit, the subscription request distribution for being received according to the receiving unit;
Recording unit, it is described for recording the platform account number of the allocation unit distribution and the correspondence for calling token
It is the access authority information to the target API to call token;Wherein, the platform account number and the calling token are for described
API gateway authenticates the call request of target API to what the user equipment was sent.
15. The API management platform according to claim 14, characterized in that the API management platform further comprises a lookup unit, a determination unit and a sending unit;
the receiving unit is further configured to receive an authentication request sent by the API gateway, the authentication request carrying the platform account number and the calling token;
the lookup unit is configured to look up, in a database, the token corresponding to the platform account number received by the receiving unit;
the determination unit is configured to determine, when the token found by the lookup unit is identical to the calling token, whether the calling token has expired;
the sending unit is configured to send a lookup result to the API gateway when the determination unit determines that the calling token has not expired, the lookup result indicating that the calling token and the platform account number have passed authentication.
16. The API management platform according to claim 14 or 15, characterized in that the API management platform further comprises a configuration unit;
the receiving unit is further configured to receive the configuration information of the target API sent by an API distribution apparatus, the configuration information being used, after it is sent to the API gateway, by the API gateway to establish the correspondence between the target API and the corresponding service logic interface;
the configuration unit is configured to configure the target API into the API subscription device in the API management platform, the APIs in the API subscription device being available for users to subscribe to.
17. The API management platform according to claim 16, characterized in that the API management platform further comprises a management unit;
the receiving unit is further configured to receive a management instruction for the target API sent by the API distribution apparatus;
the management unit is configured to manage the target API according to the management instruction received by the receiving unit.
18. The API management platform according to claim 16, characterized in that the API management platform further comprises an operation execution unit;
the receiving unit is further configured to receive an operation instruction for the target API sent by the user equipment;
the operation execution unit is configured to perform the corresponding operation on the target API according to the operation instruction received by the receiving unit.
19. An API management system, characterized by comprising an API management platform and an API gateway;
the API gateway is the API gateway according to any one of claims 10-13;
the API management platform is the API management platform according to any one of claims 14-18.
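The registration, subscription and authentication flow of claims 14 and 15, together with the gateway-side API-to-service mapping of claim 13, as an added Python example (not code from the patent). The class and function names, the in-memory dictionaries, the one-hour token lifetime, the keying of tokens per target API, the HTTP-style status codes and the constant-time comparison are assumptions made for illustration.

```python
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumed lifetime; the claims only say a token can expire


class ApiManagementPlatform:
    """In-memory model of the platform units in claims 14 and 15 (hypothetical names)."""

    def __init__(self):
        self._accounts = {}  # primary account number -> platform account number
        self._tokens = {}    # (platform account number, API) -> (token, expiry time)

    def register(self, primary_account):
        """Allocation unit: allocate a platform account number for a primary account."""
        if primary_account not in self._accounts:
            self._accounts[primary_account] = "pa-" + secrets.token_hex(8)
        return self._accounts[primary_account]

    def subscribe(self, platform_account, api, now=None):
        """Allocate a calling token for the target API and record the correspondence."""
        if platform_account not in self._accounts.values():
            raise KeyError("unknown platform account number")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._tokens[(platform_account, api)] = (token, now + TOKEN_TTL_SECONDS)
        return token

    def authenticate(self, platform_account, token, api, now=None):
        """Claim 15: look up the recorded token, compare it, then check expiry."""
        now = time.time() if now is None else now
        record = self._tokens.get((platform_account, api))
        if record is None:
            return False
        stored, expiry = record
        # Constant-time comparison so a mismatch does not leak how many bytes matched.
        if not hmac.compare_digest(stored.encode(), str(token).encode()):
            return False
        return now < expiry


def gateway_call(platform, routes, platform_account, token, api, now=None):
    """API gateway: authenticate first, then call the mapped service logic interface."""
    if not platform.authenticate(platform_account, token, api, now):
        return 401, None  # same answer for unknown account, wrong or expired token
    handler = routes.get(api)  # claim 13: target API -> service logic interface
    if handler is None:
        return 404, None
    return 200, handler()
```

Authenticating before the route lookup means an unauthenticated caller gets the same 401 whether or not the API name exists at the gateway.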
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611245648.0A CN108259432A (en) | 2016-12-29 | 2016-12-29 | A kind of management method of API Calls, equipment and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108259432A true CN108259432A (en) | 2018-07-06 |
Family
ID=62720609
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611245648.0A Pending CN108259432A (en) | 2016-12-29 | 2016-12-29 | A kind of management method of API Calls, equipment and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108259432A (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109039880A (en) * | 2018-09-05 | 2018-12-18 | 四川长虹电器股份有限公司 | A method of simple authentication authorization is realized using API gateway |
CN109144512A (en) * | 2018-08-22 | 2019-01-04 | 杭州数澜科技有限公司 | A kind of method and system generating API |
CN109274699A (en) * | 2018-11-28 | 2019-01-25 | 北京锐安科技有限公司 | Method for authenticating, device, server and storage medium |
CN109639629A (en) * | 2018-10-30 | 2019-04-16 | 平安科技(深圳)有限公司 | Data access processing method, device, computer equipment and storage medium |
CN109635550A (en) * | 2018-12-12 | 2019-04-16 | 苏州思必驰信息科技有限公司 | Authorization check method, gateway and the system of company-data |
CN109726025A (en) * | 2018-12-29 | 2019-05-07 | 北京神舟航天软件技术有限公司 | A kind of api interface access method based on API gateway |
CN109819061A (en) * | 2018-09-11 | 2019-05-28 | 华为技术有限公司 | A kind of method, apparatus and equipment handling cloud service in cloud system |
CN109977637A (en) * | 2019-01-17 | 2019-07-05 | 阿里巴巴集团控股有限公司 | Auxiliary determination vertically goes beyond one's commission, determines vertical method, apparatus and electronic equipment |
CN110971575A (en) * | 2018-09-29 | 2020-04-07 | 北京金山云网络技术有限公司 | Malicious request identification method, apparatus, electronic device and computer storage medium |
CN111818035A (en) * | 2020-07-01 | 2020-10-23 | 上海悦易网络信息技术有限公司 | Permission verification method and device based on API gateway |
CN112261022A (en) * | 2020-10-15 | 2021-01-22 | 四川长虹电器股份有限公司 | Security authentication method based on API gateway |
CN112351015A (en) * | 2020-10-28 | 2021-02-09 | 广州助蜂网络科技有限公司 | Gateway control method based on API |
CN112953731A (en) * | 2021-02-26 | 2021-06-11 | 浪潮云信息技术股份公司 | API advanced flow control and metering method based on API gateway |
CN114338783A (en) * | 2021-11-08 | 2022-04-12 | 浙江高信技术股份有限公司 | API management platform and management method based on technology middle platform |
CN114721845A (en) * | 2022-04-14 | 2022-07-08 | 广州有信科技有限公司 | Multi-tenant restful API interface management method and device |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101534196A (en) * | 2008-03-12 | 2009-09-16 | 因特伟特公司 | Method and apparatus for securely invoking a rest api |
CN102378170A (en) * | 2010-08-27 | 2012-03-14 | 中国移动通信有限公司 | Method, device and system of authentication and service calling |
CN102573112A (en) * | 2010-12-07 | 2012-07-11 | 中国电信股份有限公司 | Telecommunication network capability opening method, system and alliance support platform |
CN102611709A (en) * | 2012-03-31 | 2012-07-25 | 奇智软件(北京)有限公司 | Access control method and system for third party resources |
CN103188344A (en) * | 2013-02-22 | 2013-07-03 | 浪潮电子信息产业股份有限公司 | Method for safely invoking REST API (representational state transfer, application programming interface) |
CN103220259A (en) * | 2012-01-20 | 2013-07-24 | 华为技术有限公司 | Using method, call method, device and system of Oauth application programming interface (API) |
CN103378969A (en) * | 2012-04-12 | 2013-10-30 | 腾讯科技(北京)有限公司 | Authorization method, system and third party application system |
CN103780396A (en) * | 2014-01-27 | 2014-05-07 | 华为软件技术有限公司 | Token obtaining method and device |
CN104967515A (en) * | 2015-06-25 | 2015-10-07 | 广州杰赛科技股份有限公司 | Identity authentication method and server |
CN105577602A (en) * | 2014-10-08 | 2016-05-11 | 阿里巴巴集团控股有限公司 | Data pushing method and data pushing device based on open application programming interface |
US20160373430A1 (en) * | 2015-06-18 | 2016-12-22 | Airwatch Llc | Distributing security codes through a restricted communications channel |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109144512A (en) * | 2018-08-22 | 2019-01-04 | 杭州数澜科技有限公司 | A kind of method and system generating API |
CN109144512B (en) * | 2018-08-22 | 2022-05-03 | 杭州数澜科技有限公司 | Method and system for generating API |
CN109039880A (en) * | 2018-09-05 | 2018-12-18 | 四川长虹电器股份有限公司 | A method of simple authentication authorization is realized using API gateway |
WO2020052271A1 (en) * | 2018-09-11 | 2020-03-19 | 华为技术有限公司 | Method, device, and apparatus for processing cloud service in cloud system |
CN109819061B (en) * | 2018-09-11 | 2021-09-21 | 华为技术有限公司 | Method, device and equipment for processing cloud service in cloud system |
US11431670B2 (en) | 2018-09-11 | 2022-08-30 | Huawei Cloud Computing Technologies Co., Ltd. | Method for processing cloud service in cloud system, apparatus, and device |
US11811722B2 (en) | 2018-09-11 | 2023-11-07 | Huawei Cloud Computing Technologies Co., Ltd. | Method for processing cloud service in cloud system, apparatus, and device |
CN109819061A (en) * | 2018-09-11 | 2019-05-28 | 华为技术有限公司 | A kind of method, apparatus and equipment handling cloud service in cloud system |
CN110971575A (en) * | 2018-09-29 | 2020-04-07 | 北京金山云网络技术有限公司 | Malicious request identification method, apparatus, electronic device and computer storage medium |
CN110971575B (en) * | 2018-09-29 | 2023-04-18 | 北京金山云网络技术有限公司 | Malicious request identification method and device, electronic equipment and computer storage medium |
CN109639629A (en) * | 2018-10-30 | 2019-04-16 | 平安科技(深圳)有限公司 | Data access processing method, device, computer equipment and storage medium |
CN109274699A (en) * | 2018-11-28 | 2019-01-25 | 北京锐安科技有限公司 | Method for authenticating, device, server and storage medium |
CN109635550A (en) * | 2018-12-12 | 2019-04-16 | 苏州思必驰信息科技有限公司 | Authorization check method, gateway and the system of company-data |
CN109726025A (en) * | 2018-12-29 | 2019-05-07 | 北京神舟航天软件技术有限公司 | A kind of api interface access method based on API gateway |
CN109977637A (en) * | 2019-01-17 | 2019-07-05 | 阿里巴巴集团控股有限公司 | Auxiliary determination vertically goes beyond one's commission, determines vertical method, apparatus and electronic equipment |
CN111818035A (en) * | 2020-07-01 | 2020-10-23 | 上海悦易网络信息技术有限公司 | Permission verification method and device based on API gateway |
CN111818035B (en) * | 2020-07-01 | 2022-09-30 | 上海万物新生环保科技集团有限公司 | Permission verification method and device based on API gateway |
CN112261022A (en) * | 2020-10-15 | 2021-01-22 | 四川长虹电器股份有限公司 | Security authentication method based on API gateway |
CN112351015B (en) * | 2020-10-28 | 2023-03-14 | 广州助蜂网络科技有限公司 | Gateway control method based on API |
CN112351015A (en) * | 2020-10-28 | 2021-02-09 | 广州助蜂网络科技有限公司 | Gateway control method based on API |
CN112953731A (en) * | 2021-02-26 | 2021-06-11 | 浪潮云信息技术股份公司 | API advanced flow control and metering method based on API gateway |
CN114338783A (en) * | 2021-11-08 | 2022-04-12 | 浙江高信技术股份有限公司 | API management platform and management method based on technology middle platform |
CN114721845A (en) * | 2022-04-14 | 2022-07-08 | 广州有信科技有限公司 | Multi-tenant restful API interface management method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108259432A (en) | A kind of management method of API Calls, equipment and system | |
KR102514325B1 (en) | Model training system and method, storage medium | |
CN109150805B (en) | Security management method and system for application programming interface | |
JP6426189B2 (en) | System and method for biometric protocol standard | |
CN104054321B (en) | For the safety management of cloud service | |
CN105027493B (en) | Safety moving application connection bus | |
US9219750B2 (en) | Communication access control device, communication access control method, and computer readable recording medium | |
CN105681276B (en) | A kind of sensitive information leakage actively monitoring and confirmation of responsibility method and apparatus | |
CN109787988A (en) | A kind of identity reinforces certification and method for authenticating and device | |
CN110677381B (en) | Penetration testing method and device, storage medium, electronic device | |
CN104718526A (en) | Secure mobile framework | |
CN105721426B (en) | Access authorization methods, server, target terminal equipment and the system of terminal device | |
CN103780580B (en) | Method, server and system for providing capability access strategy | |
CN106161438A (en) | The method and apparatus of the security protection of layering is provided for interface accessing control | |
CN106027463B (en) | A kind of method of data transmission | |
CN109460660A (en) | A kind of mobile device safety management system | |
CN104166812A (en) | Database safety access control method based on independent authorization | |
CN103401885B (en) | Network file authorization control method, device and system | |
CN106060041A (en) | Enterprises network access authority control method and device | |
TW201909072A (en) | Method, device, and apparatus for loss reporting, removing loss report, and service management of electronic account | |
CN103825863B (en) | A kind of accounts management method and device | |
CN106027466B (en) | A kind of identity card cloud Verification System and card-reading system | |
KR20160055130A (en) | Method and system related to authentication of users for accessing data networks | |
CN100586123C (en) | A safe audit method based on role management and system thereof | |
Ahmed et al. | A Method for Eliciting Security Requirements from the Business Process Models. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180706 |