Sign and authenticate API interface or H5 interface
2022-07-07 08:40:00 【Why not 0307】
Parameter signature authentication
Client calls to an API interface are exposed to security risks such as forged (spoofed) requests and data leakage. Interface security is implemented jointly with the server side: signing the API interface parameters effectively guards against these problems. Signing interface parameters has the following advantages:
- Ensure the validity of the request: any change to a parameter changes the signature, so a request whose signature does not change with it is invalid.
- Ensure the legitimacy of the request: the signature algorithm relies on a clientKey and secretKey pair distributed by the server. The clientKey identifies the calling client, and the server uses the secretKey to determine whether the signature is legitimate.
One of the rules for Android client signature authentication:
Sort the parameters, concatenate each parameter name and value, append the secretKey, and finally compute the MD5 digest of the result. This produces the parameter sign.
Implementation code
- Define parameter key value object
public class NetParameter {
    private String key;
    private String value;

    public NetParameter(String key, String value) {
        super();
        this.key = key;
        this.value = value;
    }

    public String getKey() {
        return key;
    }

    public String getValue() {
        return value;
    }

    public void setKey(String key) {
        this.key = key;
    }

    public void setValue(String value) {
        this.value = value;
    }

    @Override
    public String toString() {
        return "NetParameter [key=" + key + ", value=" + value + "]";
    }
}
- Signature method
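import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;

private String sign(List<NetParameter> list, String secretKey) {
    StringBuilder sb = new StringBuilder();
    if (list != null) {
        // Sign only the parameters createUrl() actually sends (non-null key and value),
        // and sort a copy so the caller's list is not reordered.
        List<NetParameter> sorted = new ArrayList<NetParameter>();
        for (NetParameter p : list) {
            if (p != null && p.getKey() != null && p.getValue() != null) {
                sorted.add(p);
            }
        }
        Collections.sort(sorted, new Comparator<NetParameter>() {
            @Override
            public int compare(NetParameter lhs, NetParameter rhs) {
                return lhs.getKey().compareTo(rhs.getKey());
            }
        });
        for (NetParameter p : sorted) {
            sb.append(p.getKey());
            sb.append("=");
            sb.append(p.getValue());
        }
    }
    // The secret is appended last. digest() is the author's hashing helper; it is not shown on this page.
    sb.append(secretKey);
    return digest(sb.toString(), "MD5");
}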
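- Generate the public URL
// link, list and getSecretKey() are members of the enclosing class (not shown on this page).
private String createUrl() {
    StringBuilder sb = new StringBuilder();
    sb.append(link);
    sb.append("?");
    if (list != null) {
        // j remembers the index of the first parameter written, so that "&" is
        // only inserted before the second and later parameters.
        int j = -1;
        for (int i = 0, size = list.size(); i < size; i++) {
            NetParameter net = list.get(i);
            if (net != null) {
                String key = net.getKey();
                String value = net.getValue();
                if (key != null && value != null) {
                    if (j < 0) {
                        j = i;
                    }
                    if (j != i) {
                        sb.append("&");
                    }
                    sb.append(key);
                    sb.append("=");
                    sb.append(value);
                }
            }
        }
    }
    // Append the signature as the last query parameter.
    sb.append("&");
    sb.append("sign");
    sb.append("=");
    sb.append(sign(list, getSecretKey()));
    String tmp = sb.toString();
    // With no parameters the URL would read "?&sign=..."; collapse that to "?sign=...".
    tmp = tmp.replace("?&", "?");
    return tmp;
}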
Access interface
When the sign generated by the client does not match the sign computed by the server, access fails and the server returns the message: "Invalid parameter signature".
http://192.168.1.76:8806/#/card?clientKey=05380b3c3323541917a25b001d394bf8&rand=751d7b3c-a37b-4d8f-b169-96ca2b30f286&machineNo=7700943733234077224&productName=P770&sign=FC6DE7DECCBDDB5D909D7AC0CA589BC3
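The server-side check described above, as an added example that is not code from the original post: it recomputes sign with the same rule as the client and compares it in constant time. The class name SignVerifier, the sample clientKey and secretKey values, and the uppercase hex encoding (chosen to match the sign in the sample URL) are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.TreeMap;

public class SignVerifier {
    // Constructed sample credentials; a real server looks the secretKey up by clientKey.
    static final String CLIENT_KEY = "demoClientKey";
    static final String SECRET_KEY = "demoSecretKey";

    // Same rule as the client: sorted key=value pairs, then secretKey, then MD5 as uppercase hex.
    static String expectedSign(Map<String, String> params, String secretKey) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : new TreeMap<>(params).entrySet()) {
            sb.append(e.getKey()).append('=').append(e.getValue());
        }
        sb.append(secretKey);
        byte[] hash = MessageDigest.getInstance("MD5").digest(sb.toString().getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : hash) hex.append(String.format("%02X", b));
        return hex.toString();
    }

    // Returns null when the request is accepted, otherwise the rejection message.
    static String verify(String query) throws Exception {
        Map<String, String> params = new TreeMap<>();
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0) params.put(pair.substring(0, eq), pair.substring(eq + 1));
        }
        String received = params.remove("sign"); // sign itself is never part of the signed data
        if (received == null || !CLIENT_KEY.equals(params.get("clientKey"))) {
            return "Invalid parameter signature";
        }
        byte[] expected = expectedSign(params, SECRET_KEY).getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison so response timing does not reveal how many characters matched.
        return MessageDigest.isEqual(expected, received.getBytes(StandardCharsets.US_ASCII))
                ? null : "Invalid parameter signature";
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> p = new TreeMap<>();
        p.put("clientKey", CLIENT_KEY);
        p.put("machineNo", "A7");
        String good = "clientKey=demoClientKey&machineNo=A7&sign=" + expectedSign(p, SECRET_KEY);
        System.out.println(verify(good));                                          // untampered request
        System.out.println(verify(good.replace("machineNo=A7", "machineNo=A8")));  // parameter changed after signing
    }
}
```

The example keeps the post's MD5 scheme so that it matches the client code; HMAC-SHA256 is the standard construction for keyed request signing.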