Background:
There are many services within the company, such as consumer credit, account services, payment services, etc. These services are maintained by different departments or teams in the company. If external organizations want to invoke these interfaces, they need to negotiate with different teams about the interface format, encryption and decryption format, signature and signature verification format and other invocation methods. If a company has a unified gateway for providing services to the outside world, and a unified invocation method, both service invokers and providers conduct interface invocation and development according to this standard, it can avoid the repetitive discussion of technical details and focus on the business level.
An overview of the
Developed based on the Spring Cloud Gateway, the Unified Gateway provides a unified entry point for external access to internal services, with callers routing to different internal applications through a series of assertions and filters. The flow chart is as follows:
Function:
- Parameter verification: The caller will put the JSON format request parameters into the Request Body and access the Unified Gateway through HTTP POST. The request parameters should follow the standards of the Unified Gateway, including institution number, bank number, API name, API version, authorization token, anti-replay Nounce, stream number, and so on. Encryption after the business data, check the data and other fields. If there are no fields passed in, the request is considered illegal.
- Monitoring: After parameter validation, the gateway puts the request into MQ asynchronously so that transactions can be counted
- Anti-replay: a transaction through a series of filters can be forwarded to the background system, the transaction is intercepted and sent repeatedly, if there is no anti-replay function, the changed transaction will always be forwarded to the background, causing damage to the business system. Therefore, anti – replay can avoid the same request sent repeatedly.
- Token verification: Tokens are applied for by organizations and serve as a source of identification legitimacy for organizations. They are valid for two hours and need to be updated regularly. If the token is invalid, the institution is considered illegal
- Black and white list: Determine which IP is allowed and which is not
- Permission check: Determines whether the institution of the transaction has access to the bank’s API
- Encryption and decryption: the business data of the transaction is encrypted before sending, and the Unified Gateway decrypts and checks the signature and sends it to the background system. After receiving the response from the background system, the signature is encrypted and returned to the caller
- Signature verification: encryption and decryption is to prevent data from being discovered in the transmission process, and signature verification is to prevent data from being tampered with after discovery
Gateway related time:
- Time stamp of the transaction: This is defined by the client itself
- Request time: Time to enter the Gateway
- Response time: Time for the Gateway to respond to the client
The other:
- The time the Gateway sends to the background
- The time the Gateway receives the background response
- Alarm: Time to enter Flink