Sign and authenticate API interface or H5 interface
2022-07-07 08:40:00 【Why not 0307】
Parameter signature authentication
Signing API requests guards against security risks such as spoofed (disguised) client requests to the API interface and data leakage. The scheme is implemented jointly by the client and the server, and API interface signing can effectively prevent these security problems and risks. Signing interface parameters has the following advantages:
- Ensure the validity of the request: any change to the parameters changes the signature, so a request whose signature does not match is treated as invalid.
- Ensure the legitimacy of the request: the signature algorithm relies on a clientKey and secretKey pair distributed by the server. The clientKey identifies the calling client, and the server uses the secretKey to determine whether the signature is legal.
One of the rules for Android client signature authentication:
Sort the parameters, concatenate the parameter names and values, then append the secretKey, and finally compute the MD5 digest of the result. This generates a parameter named sign.
Implementation code
- Define parameter key value object
```java
public class NetParameter {
    private String key;
    private String value;

    public NetParameter(String key, String value) {
        super();
        this.key = key;
        this.value = value;
    }

    public String getKey() {
        return key;
    }

    public String getValue() {
        return value;
    }

    public void setKey(String key) {
        this.key = key;
    }

    public void setValue(String value) {
        this.value = value;
    }

    @Override
    public String toString() {
        return "NetParameter [key=" + key + ", value=" + value + "]";
    }
}
```
- Signature method
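```java
// Requires: java.util.ArrayList, java.util.Collections, java.util.Comparator, java.util.List
private String sign(List<NetParameter> list, String secretKey) {
    StringBuilder sb = new StringBuilder();
    if (list != null) {
        // Sign only the parameters that createUrl() actually sends:
        // skip null entries and entries with a null key or value.
        List<NetParameter> sorted = new ArrayList<NetParameter>();
        for (NetParameter p : list) {
            if (p != null && p.getKey() != null && p.getValue() != null) {
                sorted.add(p);
            }
        }
        // Sort by key so the client and the server build the same string.
        Collections.sort(sorted, new Comparator<NetParameter>() {
            @Override
            public int compare(NetParameter lhs, NetParameter rhs) {
                return lhs.getKey().compareTo(rhs.getKey());
            }
        });
        for (NetParameter p : sorted) {
            sb.append(p.getKey());
            sb.append("=");
            sb.append(p.getValue());
        }
    }
    // Append the shared secret last, then hash the whole string.
    sb.append(secretKey);
    // digest() is a helper that is not shown on this page.
    return digest(sb.toString(), "MD5");
}
```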
- Generate public Url
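```java
// link (base URL) and list (request parameters) are fields of the
// enclosing class that are not shown on this page.
private String createUrl() {
    StringBuilder sb = new StringBuilder();
    sb.append(link);
    sb.append("?");
    if (list != null) {
        int j = -1; // index of the first parameter actually written
        for (int i = 0, size = list.size(); i < size; i++) {
            NetParameter net = list.get(i);
            if (net != null) {
                String key = net.getKey();
                String value = net.getValue();
                if (key != null && value != null) {
                    if (j < 0) {
                        j = i;
                    }
                    if (j != i) {
                        sb.append("&");
                    }
                    // Keys and values are appended as-is (no URL encoding).
                    sb.append(key);
                    sb.append("=");
                    sb.append(value);
                }
            }
        }
    }
    // The signature is always the last query parameter.
    sb.append("&");
    sb.append("sign");
    sb.append("=");
    sb.append(sign(list, getSecretKey()));
    String tmp = sb.toString();
    // With no parameters the URL would read "?&sign=..."; drop the stray "&".
    tmp = tmp.replace("?&", "?");
    return tmp;
}
```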
Access interface
When the sign generated by the client does not match the sign computed by the server, access fails and the server returns the message "Invalid parameter signature".
http://192.168.1.76:8806/#/card?clientKey=05380b3c3323541917a25b001d394bf8&rand=751d7b3c-a37b-4d8f-b169-96ca2b30f286&machineNo=7700943733234077224&productName=P770&sign=FC6DE7DECCBDDB5D909D7AC0CA589BC3
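The server-side half of this check, as an added example that is not part of the original post: it rebuilds the signed string with the same rule as the client and compares the two signatures in constant time. The class name `SignVerifier`, the secret and the sample parameter values are constructed for illustration, and the upper-case hex output of `digest` is an assumption based on the `sign` value in the sample URL.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.TreeMap;

public class SignVerifier {
    // Hex-encoded digest; upper case is an assumption taken from the sample URL's sign value.
    static String digest(String text, String algorithm) throws NoSuchAlgorithmException {
        byte[] hash = MessageDigest.getInstance(algorithm).digest(text.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : hash) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    // Same rule as the client: sort by key, append key=value pairs, then secretKey, then hash.
    static String expectedSign(Map<String, String> params, String secretKey) throws NoSuchAlgorithmException {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : new TreeMap<>(params).entrySet()) {
            if (!"sign".equals(e.getKey())) { // sign itself is never part of the signed string
                sb.append(e.getKey()).append("=").append(e.getValue());
            }
        }
        return digest(sb.append(secretKey).toString(), "MD5");
    }

    // Recompute the signature and compare in constant time; reject when sign is missing.
    static boolean verify(Map<String, String> params, String secretKey) throws NoSuchAlgorithmException {
        String received = params.get("sign");
        if (received == null) {
            return false;
        }
        byte[] expected = expectedSign(params, secretKey).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, received.toUpperCase().getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String secretKey = "demo-secret-key"; // constructed value, not from the page
        Map<String, String> request = new TreeMap<>(); // constructed sample request
        request.put("clientKey", "demo-client");
        request.put("productName", "P770");
        request.put("sign", expectedSign(request, secretKey)); // what the client would send
        System.out.println(verify(request, secretKey) ? "OK" : "Invalid parameter signature");
        request.put("productName", "P771"); // parameter changed after signing
        System.out.println(verify(request, secretKey) ? "OK" : "Invalid parameter signature");
    }
}
```

The first request is accepted and the second, whose `productName` changed after signing, is rejected with the same message the post describes.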