[theory] - interface test

One 、 Interface concept

An interface that provides data services for a system .

features ：1. The interface can run directly without the existence of the interface
2. The content sent by the front end is called a request （request）, Transmission via a specific channel , Send to the back-end server , The server performs computation and processing , Generate response results （response） And return to the front end
3. All interfaces are activated based on requests , And there must be a response

Two 、 signal communication

1.URL： Uniform resource locator , Commonly known as the website . Used to locate the specified path
example ：http://127.0.0.1:5000/api/login?args1=xx&args2=aa
http://： Network protocol
127.0.0.1:5000： These are the server address and port ,http The default port number is 80,https The default port number is 443
api/login/： Path of interface
args1 and args2： Is the parameter that is passed when the request is sent to the interface , Use... Between multiple parameters & Compliant connection

2.URI： Uniform resource identifiers

3. Network protocol
HTTP： yes tcp A network protocol over the protocol , If carrying SSL agreement （ certificate ） On the basis of , To form HTTPS Network protocol .
be-all http All requests under the protocol are stateless （ That is, each is an independent individual ）, So we need to use cookies、session、token To ensure that the status is continuous .

cookie：

cookie It is a short piece of text information generated in the server and stored in the client , The format is a dictionary （ Key value pair ）.

classification ： Session level ： Save in memory , It will be lost when the browser closes
Persistence ： Save on hard disk , Only when the expiration time is up will it be cleared

Authentication principle ： When the client first accesses the server , Then the server will generate cookie, Then, by responding to the header set-cookie It is transmitted to the client , Client from 2~n These will be automatically brought with each request cookie.

shortcoming ：cookie Save on client , For sensitive information, such as passwords, it will not be secure .

Session

session It is a temporary session saved on the server , All communications are based on the created session To communicate , Have timeliness , Expire over time or actively destroy , be session disappear .

Authentication principle ： When the user first accesses the server , Then save a file on the server side sessionid（ Encrypted ）, adopt cookie Put this sessionid Save to client , Only send when requesting the server sessionid.

Token

token It is usually saved in the request header header perhaps body in , Is in the form of an identity token , It can be obtained by capturing packets .

classification ：
access_token: There is a time limit , Restriction on 15 minute
refresh_token: The general limit is 15 God

cookie,session,token The similarities and differences of ？
The same thing ： Are used for authentication , Are generated by the server

difference :
1.cookie Store on client ,session Stored on the server ,session The safety ratio of cookie high , So generally, put important information into session, Put the unimportant things cookie.

2.session Server memory present ,token Exist in the server's file or database ,token The advantage is that session Save server resources .

4. Request method （method）
get: Used for query 、 Get the data list
post: It is used to change and submit data

difference ：
1）get The method is to pass all data in clear text （ That is, the data can be url Visual display in ）, and post The method is to trade various data in secret （ That is, data flows in the body ）

2）get The performance of the method is better , Efficient than post Faster , but get Methods store a limited number of parameters . and post It's safer , But it needs to be compressed , Will increase its load , Efficiency slows down .

5. Request content

Header: Define the normalization of the transmitted data content

Body: It is used to store all data transmitted to the interface

Dobbo: It's a distributed microservice framework , Committed to providing high performance and transparency RPC Remote service invocation scenarios

RPC： Remote procedure call

restful: be based on http Interface communication under network protocol , Is a standardized format .