API (Application Program Interface) authentication method and system

An API interface authentication technology, applied in transmission systems, digital transmission systems, user identity/authority verification, etc., that solves problems such as hidden security risks and inability to use, and achieves the effect of resisting network attacks.

Pending Publication Date: 2022-04-01
山东通汇资本投资集团有限公司

AI Technical Summary

Problems solved by technology

[0004] Obviously, this technique depends on the server's session. In a distributed system the server may have multiple nodes whose sessions are independent of each other, so it cannot be used; in addition, if the token is obtained by another party, it leaves a security risk.

Examples


Embodiment 1

[0050] This embodiment provides an API interface authentication method;

[0051] As shown in Figure 3, an API interface authentication method applied to the server includes:

[0052] S101: Receive the HTTP request initiated by the API interface caller client, determine the identity of the API interface caller client, and generate public request parameters and signature values; every HTTP request carries public request parameters and signature values pre-generated by the API interface caller client;

[0053] S102: Compare the signature value generated by the server with the signature value transmitted by the client; if the comparison result is the same, proceed to S103; if the comparison result is different, reject the request;

[0054] S103: Determine whether the signature unique random number SignNonce exists; if yes, reject the request; if not, enter S104;

[0055] S104: Determine whether the requested timestamp Timestamp exceeds the set t...

Embodiment 2

[0141] This embodiment provides a server;

[0142] A server configured to:

[0143] Receive the HTTP request initiated by the API interface caller client, determine the identity of the API interface caller client, and generate public request parameters and signature values; every HTTP request carries public request parameters and signature values pre-generated by the API interface caller client;

[0144] Compare the signature value generated by the server with the signature value transmitted by the client; if the comparison result is the same, go to the next step; if the comparison result is different, reject the request;

[0145] Determine whether the signature unique random number SignNonce exists; if yes, reject the request; if not, go to the next step;

[0146] Determine whether the requested timestamp Timestamp exceeds the set time range from the current moment; if yes, reject the request; if not, respond to the request, cache all signed unique random numbers S...
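
The server-side sequence described in Embodiments 1 and 2 (signature comparison, then the SignNonce check, then the Timestamp check, then caching the nonce) can be sketched as follows. This is an added example, not code from the patent. The HMAC-SHA256 signature over URL-encoded sorted parameters, the `AppId` and `Signature` parameter names, the durations and the in-memory cache are assumptions; only `SignNonce` and `Timestamp` are names from the text.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Assumptions, not from the patent text: HMAC-SHA256 over URL-encoded sorted
# parameters, the AppId and Signature names, and the two durations below.
SECRETS = {"demo-app": b"constructed-secret"}  # constructed sample credential
WINDOW_SECONDS = 300      # allowed distance between Timestamp and server time
NONCE_TTL_SECONDS = 600   # caching period; covers the window on both sides


def sign(params, secret):
    """Sign every public request parameter except the signature itself."""
    canonical = urlencode(sorted((k, v) for k, v in params.items() if k != "Signature"))
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()


class Verifier:
    def __init__(self):
        # (AppId, SignNonce) -> expiry. With several server nodes this must be
        # a shared cache, otherwise each node accepts the same nonce once.
        self.seen = {}

    def verify(self, params, now=None):
        now = time.time() if now is None else now
        # S101: identify the caller from the public request parameters.
        secret = SECRETS.get(params.get("AppId"))
        if secret is None or not all(k in params for k in ("SignNonce", "Timestamp", "Signature")):
            return "reject: unknown caller or missing parameter"
        # S102: recompute the signature and compare in constant time.
        sent = str(params["Signature"]).encode()
        if not hmac.compare_digest(sign(params, secret).encode(), sent):
            return "reject: signature mismatch"
        # S103: a SignNonce that is still cached means the request is a replay.
        self.seen = {k: exp for k, exp in self.seen.items() if exp > now}
        key = (params["AppId"], params["SignNonce"])
        if key in self.seen:
            return "reject: SignNonce already used"
        # S104: reject a Timestamp outside the window around the current time.
        try:
            skew = abs(now - int(params["Timestamp"]))
        except (TypeError, ValueError):
            return "reject: bad Timestamp"
        if skew > WINDOW_SECONDS:
            return "reject: Timestamp outside window"
        self.seen[key] = now + NONCE_TTL_SECONDS  # cache the nonce, then respond
        return "accept"
```

Because the nonce cache expires, the Timestamp check is what rejects a captured request replayed after its nonce has been evicted, so the caching period must not be shorter than the accepted time range.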

Embodiment 3

[0149] This embodiment provides an API interface authentication system;

[0150] As shown in Figure 2, an API interface authentication system includes: a server and an API interface caller client;

[0151] The API interface caller client initiates an HTTP request to the server; the HTTP request is provided with public request parameters and signature values pre-generated by the API interface caller client;

[0152] The server receives the HTTP request initiated by the API interface caller client, determines the identity of the API interface caller client, and generates public request parameters and signature values;

[0153] The server compares the signature value generated by the server with the signature value transmitted by the client; if the comparison result is the same, it judges whether the signature unique random number SignNonce exists; if the comparison result is different, the request is rejected;

[0154] The server judges whether the signature unique ran...


Abstract

The invention discloses an API (Application Program Interface) authentication method and system. The method comprises: receiving an HTTP (Hypertext Transfer Protocol) request initiated by an API interface caller client, determining the identity of the client, and generating public request parameters and a signature value, where the HTTP request carries public request parameters and a signature value pre-generated by the API interface caller client; comparing the signature value generated by the server with the signature value transmitted by the client; if the comparison result is the same, judging whether the signature unique random number SignNonce exists; if not, judging whether the distance between the request's timestamp and the current moment exceeds a set time range; if not, responding to the request, caching all signature unique random numbers SignNonce, and setting a caching period. An API call log is recorded, the caller's identity is recognized according to the public request parameters and an encryption protocol, call security is guaranteed, and network attacks are prevented.

Description

Technical field

[0001] The invention relates to the technical field of API interface authentication, in particular to an API interface authentication method and system.

Background technique

[0002] The statements in this section merely mention the background technology related to the present invention and do not necessarily constitute the prior art.

[0003] WEB programs are transmitted using the HTTP protocol, and the HTTP protocol is a stateless protocol that has no memory capability for transaction processing. The lack of state means that if subsequent request processing requires previous information, it must be retransmitted, which can lead to an increase in the amount of data transferred per connection. The traditional authentication method is that the client requests the login interface, and the server determines who is requesting the login according to the information of the login interface, and then generates a token indicating the identity of the requester, which ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, H04L9/32, H04L67/02
Inventor: 郭伟, 袁志平, 吴振刚, 王登华, 王璟蕾
Owner 山东通汇资本投资集团有限公司