Developing a Token Generation Mechanism and Verification API
You need to develop a token generation mechanism for generating verification tokens and develop a verification API for the CEC to perform authentication. When receiving a request from an agent (that is, a request sent during page integration), the CEC invokes the API to obtain the values of access_token (which is generated by the token generation mechanism and is different from AccessToken in Authentication Before Sign-In), tenantSpaceId, and userAccount, and sends them to your system for confirmation.
A demo of the token generation mechanism and verification API is provided for your reference. You can download the demo from the Huawei Developer Forum(https://bbs.huaweicloud.com/forum/thread-192048-1-1.html). The demo provides the algorithm and verification logic. Use a secure algorithm in actual use. This demo cannot be directly used for production and is for demonstration only. Design the token generation mechanism and verification API based on your system security requirements.
- Develop a token generation mechanism. You need to develop the mechanism based on the features and security requirements of your system.
- Develop a verification API. The verification API must meet the following requirements. Table 1 and Table 2 describes the requirements for request parameters and response parameters.
HTTP method: POST
URL: http(s)://IP address:Port number/rest/cc-management/v1/thirdparty/thirdPartyValidate (which can be customized by the enterprise)
HTTP is an insecure protocol, which may bring risks to the system. Therefore, it is not recommended. The secure HTTPS protocol is recommended. If the HTTPS protocol is used, you need to prepare a certificate in CER format to verify the validity of the HTTPS website.
Table 1 Request body description Parameter
Type
Position
Mandatory or Not
Description
access_token
String
Body
Yes
Verification information generated after an enterprise develops a token generation mechanism.
tenantSpaceId
String
Body
Yes
Tenant space ID provided by the CEC. To obtain the tenant space ID, choose
.userAccount
String
Body
Yes
CEC sign-in account. The value comes from the accountCode parameter in Obtaining CEC Account Information.
- Example
{ "access_token":"XXXXXXXXXXXXXXX", "tenantSpaceId":"XXXXXXXXXXXXXXX", "userAccount":"XXXXXXXXXXXXXXX" }
Table 2 Response description Parameter
Type
Position
Mandatory or Not
Description
retCode
Integer
Body
Yes
API result code. The value 0 indicates success, and other values indicate failure.
message
String
Body
Yes
Result.
- Example
{ "retCode":0, "message":"validate success" }
- Submit the URL and certificate file of the verification API to the CEC operations administrator. The operations administrator configures the URL and certificate file in the CEC.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot