[208] API design based on accesstoken

One 、 Illustrate with examples :

demand ：

A、B The organization needs to call X The interface to the server , that X The server needs to provide an open Internet access interface .

analysis ：

1、 Open platform providers X, Provide corresponding services for each cooperative organization appid、app_secret.

2、appid Is the only one. （ Can't change ）, Indicates the corresponding third-party Cooperation Organization , Used to distinguish between different institutions .

3、app_secret Realize the encryption function in the transmission （ Secret key ）, The secret key can be changed .

4、 Why? app_secret It can be changed ？ Calling the interface requires appid+app_secret Generate corresponding access_token（ Temporary ）, If appid and app_secret Be leaked , Create security problems , If you find it leaked , You can regenerate a app_secret.

principle ： Create a corresponding for each partner appid、app_secret, Generate corresponding access_token（ The period of validity 2 Hours ）, When calling the external network open interface , Must pass valid access_token.

Two 、 Development steps

1、 Use appid+app_secret Generate corresponding access_token

1. Get generated AppId and appSecret, And verify availability
2. Delete the previous accessToken
2.AppId and appSecret Ensure that the corresponding unique accessToken
Be careful : The second step above must ensure that in the same transaction
3. Go back to the latest accessToken
2、 Use accessToken Call the third-party interface

1. Get the corresponding accessToken
2. Use AccessToken Inquire about redis Corresponding value(appId)
3. If you don't get the corresponding appid, Directly return the error prompt

4. If you can get the corresponding appid, Use appid Query corresponding APP Information
5. Use appId Query the database app Information , obtain is_flag state , If 1, The interface... Cannot be called , Otherwise execute normally
6. Directly call the interface business