
How to realize API Design based on AccessToken

2025-01-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Many people new to the topic are unsure how to implement an API design based on AccessToken. This article summarizes the problem and its solution, and should help you solve it.

Realization of API Design based on AccessToken

Description: this is actually similar to the simplified mode of Oauth3.0

I. Example

Demand:

Institutions A and B need to call the interface of the X server, so the X server needs to expose an open access interface on the public network.

Analysis:

1. The open platform provider X provides a corresponding appid and app_secret for each cooperating organization.

2. The appid is unique (it cannot be changed). It identifies the corresponding third-party cooperating organization and is used to distinguish between different institutions.

3. The app_secret is the secret key used for encryption in transmission; it can be changed.

4. Why can the app_secret be changed? Calling the API requires appid + app_secret to generate the corresponding (temporary) access_token. If the appid and app_secret are compromised, there will be security problems. If an app_secret is found to be compromised, a new app_secret can be generated.

Principle: create a corresponding appid and app_secret for each cooperating organization, and generate a corresponding access_token (valid for 2 hours). Every call to the public open API must pass a valid access_token.

II. Development steps

1. Use appid+app_secret to generate the corresponding access_token

1. Get the generated AppId and appSecret, and verify that they are available.
2. Delete the previous accessToken.
3. Use AppId and appSecret to ensure that the corresponding unique accessToken is generated.
   Note: the second step above must be guaranteed in the same transaction.
4. Return the latest accessToken.

2. Use accessToken to call the third party interface

1. Get the corresponding accessToken.
2. Use the accessToken to query Redis for the corresponding value (appId).
3. If no corresponding appid is found, return an error prompt directly.
4. If the corresponding appid is found, use the appid to query the corresponding app information.
5. Use the appId to query the app information in the database and get the is_flag status. If it is 1, the interface cannot be called; otherwise execution continues normally.
6. Call the interface business logic directly.
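The two procedures above (issuing a token, then validating it on each call) can be sketched as follows. This is an added example, not code from the original article. It assumes an in-memory dictionary in place of Redis and a constructed `APPS` table in place of the database; the names `TokenStore`, `issue` and `authorize` are hypothetical.

```python
import hmac
import secrets
import time

TOKEN_TTL = 2 * 60 * 60  # the article's access_token lifetime: 2 hours

# Constructed sample app table (stand-in for the database); is_flag == 1 blocks calls.
APPS = {
    "app-a": {"app_secret": "secret-a", "is_flag": 0},
    "app-b": {"app_secret": "secret-b", "is_flag": 1},
}

class TokenStore:
    """In-memory stand-in for Redis: token -> (appid, expiry) and appid -> token."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.by_token = {}
        self.by_app = {}

    def issue(self, appid, app_secret):
        app = APPS.get(appid)
        # Constant-time comparison avoids leaking the secret through timing.
        if app is None or not hmac.compare_digest(
                app["app_secret"].encode(), app_secret.encode()):
            raise PermissionError("invalid appid or app_secret")
        # Delete the old token and store the new one as a single unit; with a
        # real Redis this pair of writes would go in one transaction.
        old = self.by_app.pop(appid, None)
        self.by_token.pop(old, None)
        token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        self.by_token[token] = (appid, self.clock() + TOKEN_TTL)
        self.by_app[appid] = token
        return token

    def authorize(self, token):
        entry = self.by_token.get(token)
        if entry is None or entry[1] <= self.clock():
            self.by_token.pop(token, None)  # drop expired entries
            raise PermissionError("invalid or expired access_token")
        appid = entry[0]
        if APPS[appid]["is_flag"] == 1:
            raise PermissionError("app is not allowed to call the interface")
        return appid  # caller proceeds to the interface business logic
```

Because `issue` removes the previous token before storing the new one, rotating a compromised app_secret and requesting a new token immediately invalidates whatever token was in circulation.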
