Security and performance in API interface design

Interface security:

1. Token authentication mechanism

The client calls a login interface with username and password to obtain an authorization token, and the token is given a validity period. The user's authorization information is kept on the server side, keyed by the token, instead of being transmitted across the network with each call; this is designed to prevent disclosure of user information, with the server holding the session state.

2. Signed interface calls

Because the front end and back end are separated, the front end calls interfaces over HTTP, and the call parameters travel across the network. An attacker can monitor the HTTP requests, steal the call parameters, and then query the interface directly over the public network, bypassing the client entirely. For sensitive interfaces, access should therefore require a signature.

Steps:

a. The front end and back end agree on a secret key; the key can be as complex as desired.

b. Agree on the MD5 signing rule. The general format is: MD5(param1 + secret + param2 + timestamp)

c. After receiving the parameters, the back end runs the same MD5 computation over them and compares its digest with the one sent by the front end. If the two match, the subsequent service is invoked; if they differ, an error message is returned.

3. Interface rate limiting

Malicious attacks (such as CC attacks) can drive QPS too high. A policy at the service entrance that caps the number of requests per second allowed for the same account (uid) can be considered.

Rate-limiting solutions:

Use the distributed cache middleware Redis: take the caller's uid as the key and increment a counter each time the user calls the interface. If the number of calls exceeds the threshold, further access to the interface by that user is refused.

Limit traffic at the gateway level with Nginx. Nginx's limit_conn module can be used, or custom scripts can detect request flooding by analysing the access log.
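The Redis-based per-uid counter described above, as an added example that is not part of the original post. It uses a fixed one-second window: the key is built from the uid and the window start, INCR counts the call, and EXPIRE lets the key disappear on its own. FakeRedis is a constructed stand-in that implements only incr and expire so the code runs offline; against a real server the same two calls exist on a redis-py client. The key prefix, the window length and the per-second limit are assumptions.

```python
import time


class FakeRedis:
    """Minimal stand-in for the Redis commands used below (INCR, EXPIRE).
    Constructed for offline demonstration only; swap in redis.Redis() in practice."""

    def __init__(self, clock):
        self._clock = clock
        self._data = {}      # key -> integer counter
        self._expiry = {}    # key -> absolute expiry time

    def _purge(self, key):
        exp = self._expiry.get(key)
        if exp is not None and self._clock() >= exp:
            self._data.pop(key, None)
            self._expiry.pop(key, None)

    def incr(self, key):
        self._purge(key)
        self._data[key] = self._data.get(key, 0) + 1
        return self._data[key]

    def expire(self, key, seconds):
        self._expiry[key] = self._clock() + seconds


class UidRateLimiter:
    """Fixed-window counter keyed by uid: one key per (uid, second)."""

    def __init__(self, store, limit_per_second, clock=time.time):
        self.store = store
        self.limit = limit_per_second
        self.clock = clock

    def allow(self, uid: str) -> bool:
        window = int(self.clock())
        key = f"ratelimit:{uid}:{window}"      # assumed key layout
        count = self.store.incr(key)
        if count == 1:
            # First hit in this window: let the key expire shortly after the window closes.
            self.store.expire(key, 2)
        return count <= self.limit


if __name__ == "__main__":
    limiter = UidRateLimiter(FakeRedis(time.time), limit_per_second=5)
    print([limiter.allow("uid-1001") for _ in range(7)])   # five True, then False
```

Two points a deployment should handle that the counter alone does not: INCR and EXPIRE are separate commands, so the pair should run in a pipeline or a Lua script to avoid a key that never expires if the process dies between them, and a fixed window allows up to twice the limit across a window boundary; a sliding window or token bucket smooths that if it matters.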

4. Interface idempotency control. If an interface that changes state has no idempotency control and is called repeatedly, or the caller has a retry mechanism, duplicate data will be written.

In that case idempotency must be considered. Common methods for making an interface idempotent are:

a. A unique key constraint at the database level.

b. Before calling the business interface, the client first calls a token interface that generates a token and stores it in Redis, then submits that token together with the request parameters. The back end checks the token against Redis, and only if the token is found does it perform the subsequent service logic.

c. Optimistic locking in the database: a version number is saved with the data and incremented by 1 on every update. Update statement: UPDATE table t SET t.a = value, t.version = t.version + 1 WHERE t.id = #{id} AND t.version = #{version}
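The three idempotency methods a to c exercised together, as an added example that is not code from the original post. TokenStore is a constructed set standing in for the Redis keys of method b; the assumption that a token is deleted the first time it is consumed is mine, since the post only says the token must be found. The orders table, its UNIQUE order_no column (method a) and the version column with the post's UPDATE ... WHERE id = ? AND version = ? pattern (method c) are constructed on an in-memory SQLite database.

```python
import secrets
import sqlite3


class TokenStore:
    """Stand-in for the Redis token keys of method b (constructed, in-memory)."""

    def __init__(self):
        self._tokens = set()

    def issue(self) -> str:
        token = secrets.token_hex(16)
        self._tokens.add(token)
        return token

    def consume(self, token: str) -> bool:
        """Succeeds exactly once per issued token (assumption: delete on first use)."""
        if token in self._tokens:
            self._tokens.remove(token)
            return True
        return False


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders ("
        " id INTEGER PRIMARY KEY,"
        " order_no TEXT UNIQUE,"                 # method a: unique key constraint
        " amount INTEGER NOT NULL,"
        " version INTEGER NOT NULL DEFAULT 0)"  # method c: version column
    )
    conn.execute("INSERT INTO orders (order_no, amount) VALUES ('A-1001', 100)")
    conn.commit()
    return conn


def create_order(conn, tokens: TokenStore, token: str, order_no: str, amount: int) -> str:
    """Method b (token) plus method a (unique key): a retry with the same token or order_no is refused."""
    if not tokens.consume(token):
        return "rejected: token already used or unknown"
    try:
        conn.execute("INSERT INTO orders (order_no, amount) VALUES (?, ?)", (order_no, amount))
        conn.commit()
    except sqlite3.IntegrityError:
        conn.rollback()
        return "rejected: duplicate order_no"
    return "created"


def update_amount(conn, order_id: int, new_amount: int, expected_version: int) -> bool:
    """Method c: the update only applies if nobody else changed the row since it was read."""
    cur = conn.execute(
        "UPDATE orders SET amount = ?, version = version + 1 WHERE id = ? AND version = ?",
        (new_amount, order_id, expected_version),
    )
    conn.commit()
    return cur.rowcount == 1


if __name__ == "__main__":
    tokens, conn = TokenStore(), open_db()
    t = tokens.issue()
    print(create_order(conn, tokens, t, "A-1002", 50))   # created
    print(create_order(conn, tokens, t, "A-1002", 50))   # rejected: token already used
    print(update_amount(conn, 1, 120, expected_version=0))  # True
    print(update_amount(conn, 1, 130, expected_version=0))  # False, version is now 1
```

The caller of update_amount must read the row (and its version) first and react to a False return by re-reading and retrying, which is what turns a lost update into a detectable conflict.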

 

Interface performance:

1. Stateless interface design. Stateless interfaces are easy to scale horizontally, so under high concurrency the number of available service instances can be increased to raise throughput.

2. Cache warm-up for important data. This reduces how often the application has to interact with the underlying data store when an interface is called, improving I/O performance.

3. LRU, LFU and LNU algorithms for caching hotspot data, reducing the cache breakdown rate.

4. Messaging middleware to absorb high-frequency peaks and process work asynchronously, improving interface responsiveness.
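An added example for items 2 and 3 above, not code from the original post: an LRU cache built on OrderedDict, a warm-up step that preloads hotspot keys before traffic arrives, and a SlowBackend counter (constructed) that shows how many trips to the underlying store the cache saves. The capacity, key names and loader are assumptions.

```python
from collections import OrderedDict


class SlowBackend:
    """Constructed stand-in for the database or service behind the interface; counts calls."""

    def __init__(self):
        self.calls = 0

    def load(self, key):
        self.calls += 1
        return f"value-of-{key}"


class LRUCache:
    """Least-recently-used cache: when full, evict the entry that has gone longest without access."""

    def __init__(self, capacity: int):
        self.capacity = capacity
        self._items = OrderedDict()
        self.hits = 0
        self.misses = 0

    def get(self, key):
        if key in self._items:
            self._items.move_to_end(key)   # most recently used goes to the tail
            self.hits += 1
            return self._items[key]
        self.misses += 1
        return None

    def put(self, key, value):
        if key in self._items:
            self._items.move_to_end(key)
        self._items[key] = value
        if len(self._items) > self.capacity:
            self._items.popitem(last=False)   # head of the order is the LRU entry

    def keys(self):
        return list(self._items)


def warm_up(cache: LRUCache, backend: SlowBackend, hot_keys):
    """Item 2: preload hotspot data so the first requests do not all hit the backend."""
    for k in hot_keys:
        cache.put(k, backend.load(k))


def fetch(cache: LRUCache, backend: SlowBackend, key):
    """Read-through: serve from cache, otherwise load once and cache the result."""
    value = cache.get(key)
    if value is None:
        value = backend.load(key)
        cache.put(key, value)
    return value


if __name__ == "__main__":
    backend, cache = SlowBackend(), LRUCache(capacity=2)
    warm_up(cache, backend, ["a", "b"])
    fetch(cache, backend, "a")          # hit
    fetch(cache, backend, "c")          # miss; "b" is evicted because "a" was touched after it
    print(cache.keys(), backend.calls, cache.hits, cache.misses)   # ['a', 'c'] 3 1 1
```

Each cache miss for a hot key is one extra backend round trip under load, so the warm-up and the eviction policy together decide how much of the interface's traffic reaches the underlying store.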


Source: www.cnblogs.com/mjbenkyo/p/12206885.html