Interface Security Mechanism
To ensure the security and credibility of interface data transmission, a security mechanism is added.
This security mechanism is implemented jointly by the authorizer, the caller and the platform interface.
The brief logic is as follows: the caller applies to the authorizer for data access rights; the authorizer issues identity authentication information to the caller; using that identity authentication information, the caller uses the corresponding SDK to calculate a signature over the interface parameters and calls the platform interface; the platform interface verifies the signature information and decides whether to process the request.
Note: After signature verification is turned on, change the way the web API is called in the DM platform to use the corresponding path; otherwise a "need to log in again" prompt appears.
Terms
Authorizer:
Authorizer refers to the application that provides data.
Caller:
Caller refers to the non-DM platform program that calls the interface.
Platform interface:
Platform interface refers to the web API interface provided by DM.
Identity authentication information:
Identity authentication information is a user name and password pair, which the authorizer provides to the caller.
The identity authentication information provided by different authorizers to the same caller is different, and the identity authentication information provided by the same authorizer to different callers is also different.
The caller shall keep the identity authentication information safe to prevent disclosure.
SDK:
SDK refers to a set of signature calculation methods that the DM platform provides to callers. The methods in the SDK greatly simplify the logic of signature calculation.
Signature:
Signature refers to a string value that the caller obtains by applying the agreed signature algorithm to data such as the interface parameters, identity authentication information, a random number and a time stamp.
Because the signature elements include a time stamp and a random number, the signature value of each interface call is unique. Even if the same caller calls the same interface with the same parameters, the signatures generated by the two calls are different.
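The following is an added example, not code from the DM SDK or the platform: it sketches the caller and platform sides of a signature built from the parameters, identity authentication information, a random number and a time stamp, and shows how the platform can use the last two to reject a repeated request. The page does not state the agreed algorithm, so HMAC-SHA256, the JSON canonical form, the 300-second window and the names `sign_request` and `verify_request` are all assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW = 300  # assumed freshness window in seconds; the page gives no value


def canonical(params, user, nonce, ts):
    # Sorted-key JSON gives caller and platform the same unambiguous byte string.
    return json.dumps([user, nonce, ts, params], sort_keys=True,
                      separators=(",", ":")).encode()


def sign_request(params, user, password, nonce=None, ts=None):
    """Caller side: return the fields sent alongside the interface parameters."""
    nonce = nonce or secrets.token_hex(16)
    ts = int(time.time()) if ts is None else ts
    # Assumption: HMAC-SHA256 keyed with the password stands in for the
    # agreed signature algorithm. The password itself is never transmitted.
    sig = hmac.new(password.encode(), canonical(params, user, nonce, ts),
                   hashlib.sha256).hexdigest()
    return {"user": user, "nonce": nonce, "ts": ts, "sign": sig}


def verify_request(params, auth, credentials, seen_nonces, now=None):
    """Platform side: return (accepted, reason)."""
    now = int(time.time()) if now is None else now
    password = credentials.get(auth["user"])
    if password is None:
        return False, "unknown caller"
    if abs(now - auth["ts"]) > MAX_SKEW:
        return False, "stale timestamp"
    expected = sign_request(params, auth["user"], password,
                            auth["nonce"], auth["ts"])["sign"]
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected, auth["sign"]):
        return False, "bad signature"
    # Record the nonce only after the signature checks out, so unauthenticated
    # requests cannot fill the cache; entries older than MAX_SKEW can be dropped.
    key = (auth["user"], auth["nonce"])
    if key in seen_nonces:
        return False, "replayed nonce"
    seen_nonces.add(key)
    return True, "ok"
```
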