
How to design interface authentication for third-party API integration?



1. Introduction

When integrating interfaces with third-party systems, the security of the interface has to be considered. This article describes several common authentication schemes for system-to-system interface integration.


2. Authentication schemes

Take an asynchronous scenario such as a delayed task that pushes an order to a logistics system after the order has been placed. This is an interaction between two systems with no user involved, so the credential being authenticated is not a user credential but a system credential, typically an app_id and an app_secret.


app_id and app_secret are issued by the interface provider.


2.1. Basic authentication

This is a relatively simple authentication method: the client sends the user name and password to the server in plain text (Base64-encoded) for authentication.


Add an Authorization header whose value is Basic followed by the Base64 encoding of username:password. For example, if app_id and app_secret are both zlt, the string zlt:zlt is Base64-encoded and the header sent is:


Authorization: Basic emx0OnpsdA==

 

2.1.1. Advantages

Simple and widely supported.


2.1.2. Disadvantages

Low security: it must be combined with HTTPS to protect the credentials in transit.


Although the username and password are Base64-encoded, they are trivially decoded; Base64 is an encoding, not encryption.

On its own it does not prevent replay attacks or man-in-the-middle attacks.

 

2.2. Token authentication

Token authentication using the OAuth 2.0 client credentials grant (client credentials mode) proceeds as shown below:


[Figure: OAuth 2.0 client credentials token flow]


The client first obtains an access_token using Basic authentication (its app_id and app_secret), then calls the business interface with that token.
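The following is an added example, not code from the original post: an in-process model of both steps described in 2.1 and 2.2. Step 1 builds and parses the Basic header from 2.1 and checks the client credentials with a constant-time comparison; step 2 issues an opaque access_token and checks it on a business call. The credential store, the 3600-second token lifetime and the random opaque token format are assumptions for the example (the post does not specify a token format).

```python
"""Added example: Basic authentication (2.1) used to obtain an access_token,
then bearer-token checking on the business interface (2.2)."""
import base64
import hmac
import secrets
import time

# Constructed credential store for the example; a real server would store
# app_secret hashed rather than in plain text.
CLIENTS = {"zlt": "zlt"}
TOKEN_TTL = 3600  # assumed token lifetime in seconds
_tokens = {}      # access_token -> (app_id, expiry); in-memory for the example


def basic_header(app_id, app_secret):
    """Client side: build the Authorization header shown in 2.1."""
    raw = f"{app_id}:{app_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def verify_basic(header):
    """Server side: decode the Basic header and check the credentials.
    Returns the app_id on success, None otherwise."""
    scheme, _, encoded = header.partition(" ")
    if scheme != "Basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    app_id, sep, app_secret = decoded.partition(":")
    if not sep:
        return None
    expected = CLIENTS.get(app_id)
    # Constant-time comparison so the check does not leak how many bytes matched.
    if expected is None or not hmac.compare_digest(app_secret.encode(), expected.encode()):
        return None
    return app_id


def issue_token(header, now=None):
    """Token endpoint: Basic credentials in, opaque access_token out
    (None if authentication fails)."""
    app_id = verify_basic(header)
    if app_id is None:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)   # random and unguessable; carries no data itself
    _tokens[token] = (app_id, now + TOKEN_TTL)
    return token


def verify_bearer(header, now=None):
    """Business interface: check the Bearer token. Returns app_id or None."""
    scheme, _, token = header.partition(" ")
    if scheme != "Bearer" or token not in _tokens:
        return None
    app_id, expiry = _tokens[token]
    now = time.time() if now is None else now
    if now >= expiry:
        del _tokens[token]   # an expired token is dropped, never reused
        return None
    return app_id


if __name__ == "__main__":
    hdr = basic_header("zlt", "zlt")
    print(hdr)                                                     # Basic emx0OnpsdA==
    tok = issue_token(hdr)
    print(verify_bearer("Bearer " + tok))                          # zlt
    print(verify_bearer("Bearer " + tok, now=time.time() + 7200))  # None (expired)
```

The long-term app_secret is sent only on the token request; every business call carries the short-lived token, which is the improvement 2.2.1 describes. Both requests still need HTTPS, since the Basic header and the bearer token are both usable by anyone who can read them off the wire.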


2.2.1. Advantages

Security is improved relative to Basic authentication: each call to a business interface uses a temporary access_token instead of the username and password, which reduces the chance of the long-term credential leaking.


2.2.2. Disadvantages

Obtaining the token still relies on Basic authentication, so that step inherits the same security problems.


2.3. Dynamic signature

Every call to the interface must carry the following parameters:


app_id: application id

time: current timestamp

nonce: random number

sign: signature

 

The sign is generated as follows: concatenate app_id + time + nonce, append app_secret at the end, take the MD5 hash of the resulting string, and convert the hex digest to uppercase.


To also make the parameters tamper-proof, include all the request parameters of the interface in the string that is signed.
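The following is an added example, not code from the original post. It implements the signing rule above (MD5 of app_id + time + nonce + app_secret, uppercase hex), extends it to the tamper-proof variant that signs all request parameters, and shows the server-side verification with the time-window and nonce checks this scheme relies on. Assumptions made for the example: the credential store, a 300-second clock-skew window, an in-memory nonce store, and the canonical order for the extra parameters (sorted by name, as name+value, after app_id + time + nonce), which the post does not fix. One caveat: MD5 over a secret-suffixed string is the construction the post describes, but for a new design HMAC-SHA256 over the same canonical string (hmac.new(secret, body, "sha256")) is the standard choice; the checks below are the same either way.

```python
"""Added example: dynamic signature generation and verification, following the
rule in 2.3 plus the server-side time-window and nonce checks."""
import hashlib
import hmac
import secrets
import time

CLIENTS = {"zlt": "zlt"}   # constructed app_id -> app_secret store
TIME_WINDOW = 300          # assumed: seconds of clock skew the server tolerates
_seen_nonces = {}          # nonce -> expiry, so the replay store does not grow forever


def make_sign(params, app_secret):
    """sign = MD5(app_id + time + nonce + extras + app_secret), uppercase hex.
    extras = every other parameter except sign, as name+value sorted by name
    (assumed canonical order). With no extra parameters this is exactly the
    rule in the post."""
    extras = "".join(k + str(v) for k, v in sorted(params.items())
                     if k not in ("app_id", "time", "nonce", "sign"))
    body = f"{params['app_id']}{params['time']}{params['nonce']}{extras}{app_secret}"
    return hashlib.md5(body.encode()).hexdigest().upper()


def sign_request(app_id, app_secret, params=None, now=None):
    """Client side: attach app_id, time, nonce and sign to the outgoing parameters."""
    req = dict(params or {})
    req["app_id"] = app_id
    req["time"] = str(int(time.time() if now is None else now))
    req["nonce"] = secrets.token_hex(16)
    req["sign"] = make_sign(req, app_secret)
    return req


def verify_request(req, now=None):
    """Server side. Returns (ok, reason). Cheap checks run first; the nonce is
    recorded only after the signature is valid, so a forger cannot burn nonces
    on behalf of a legitimate client."""
    now = time.time() if now is None else now
    app_secret = CLIENTS.get(req.get("app_id"))
    if app_secret is None:
        return False, "unknown app_id"
    try:
        ts = int(req["time"])
    except (KeyError, ValueError):
        return False, "bad time"
    if abs(now - ts) > TIME_WINDOW:
        return False, "time outside window"   # replay of an old request
    nonce = req.get("nonce", "")
    if not nonce:
        return False, "missing nonce"
    # A nonce only needs remembering while its timestamp could still pass the
    # window check, so purge entries whose expiry has passed.
    for n, exp in list(_seen_nonces.items()):
        if exp < now:
            del _seen_nonces[n]
    if nonce in _seen_nonces:
        return False, "nonce replayed"        # idempotency check
    expected = make_sign(req, app_secret)
    if not hmac.compare_digest(expected, req.get("sign", "")):
        return False, "bad sign"              # forged or tampered parameters
    _seen_nonces[nonce] = ts + TIME_WINDOW
    return True, "ok"


if __name__ == "__main__":
    req = sign_request("zlt", "zlt", {"order_id": "1001", "amount": "99.00"})
    tampered = dict(req, amount="1.00")
    print(verify_request(tampered))   # (False, 'bad sign')
    print(verify_request(req))        # (True, 'ok')
    print(verify_request(req))        # (False, 'nonce replayed')
    old = sign_request("zlt", "zlt", now=time.time() - 3600)
    print(verify_request(old))        # (False, 'time outside window')
```

Because app_secret is only ever an input to the hash and never a field in the request, a passive observer sees app_id, time, nonce, sign and the business parameters but cannot produce a valid sign for a different request. The signature does not hide the request content, so HTTPS is still appropriate where the parameters themselves are sensitive.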


2.3.1. Advantages

Highest security of the three schemes.


The server generates the signature with the same method and compares it, so app_secret never has to be transmitted over the network.

Prevents a man-in-the-middle from forging or tampering with requests, because the signed parameters cannot be changed without app_secret.

The time parameter lets the server check that the request falls within a reasonable time window, which prevents replay attacks.

The nonce parameter lets the server make an idempotency check and reject a nonce it has already seen.

2.3.2. Disadvantages

Not suitable for front-end applications: the JavaScript source would expose the signing method and app_secret.

