Developing a Token Generation Mechanism and Verification API

You need to develop a token generation mechanism for generating verification tokens and develop a verification API for the CEC to perform authentication. When receiving a request from an agent (that is, a request sent during page integration), the CEC invokes the API to obtain the values of access_token (which is generated by the token generation mechanism and is different from AccessToken in Authentication Before Sign-In), tenantSpaceId, and userAccount, and sends them to your system for confirmation.

A demo of the token generation mechanism and verification API is provided for your reference. You can download the demo from the Huawei Developer Forum(https://bbs.huaweicloud.com/forum/thread-192048-1-1.html). The demo provides the algorithm and verification logic. Use a secure algorithm in actual use. This demo cannot be directly used for production and is for demonstration only. Design the token generation mechanism and verification API based on your system security requirements.

1. Develop a token generation mechanism. You need to develop the mechanism based on the features and security requirements of your system.
2. Develop a verification API. The verification API must meet the following requirements. Table 1 and Table 2 describes the requirements for request parameters and response parameters.

   HTTP method: POST

   URL: http(s)://IP address:Port number/rest/cc-management/v1/thirdparty/thirdPartyValidate (which can be customized by the enterprise)

   

   HTTP is an insecure protocol, which may bring risks to the system. Therefore, it is not recommended. The secure HTTPS protocol is recommended. If the HTTPS protocol is used, you need to prepare a certificate in CER format to verify the validity of the HTTPS website.

   Table 1 Request body description

   Parameter	Type	Position	Mandatory or Not	Description
   access_token	String	Body	Yes	Verification information generated after an enterprise develops a token generation mechanism.
   tenantSpaceId	String	Body	Yes	Tenant space ID provided by the CEC. To obtain the tenant space ID, choose Configuration Center > System Management > Tenant Information.
   userAccount	String	Body	Yes	CEC sign-in account. The value comes from the accountCode parameter in Obtaining CEC Account Information.

   • Example

   {
       "access_token":"XXXXXXXXXXXXXXX",
       "tenantSpaceId":"XXXXXXXXXXXXXXX",
       "userAccount":"XXXXXXXXXXXXXXX"
    }

   Table 2 Response description

   Parameter	Type	Position	Mandatory or Not	Description
   retCode	Integer	Body	Yes	API result code. The value 0 indicates success, and other values indicate failure.
   message	String	Body	Yes	Result.

   • Example

   {
       "retCode":0,
       "message":"validate success"
   }

3. Submit the URL and certificate file of the verification API to the CEC operations administrator. The operations administrator configures the URL and certificate file in the CEC.