Updated on 2023-10-11 GMT+08:00

Developing a Token Generation Mechanism and Verification API

You need to develop a token generation mechanism for generating verification tokens and develop a verification API for the CEC to perform authentication. When receiving a request from an agent (that is, a request sent during page integration), the CEC invokes the API to obtain the values of access_token (which is generated by the token generation mechanism and is different from AccessToken in Authentication Before Sign-In), tenantSpaceId, and userAccount, and sends them to your system for confirmation.

A demo of the token generation mechanism and verification API is provided for your reference. You can download the demo from the Huawei Developer Forum(https://bbs.huaweicloud.com/forum/thread-192048-1-1.html). The demo provides the algorithm and verification logic. Use a secure algorithm in actual use. This demo cannot be directly used for production and is for demonstration only. Design the token generation mechanism and verification API based on your system security requirements.

  1. Develop a token generation mechanism. You need to develop the mechanism based on the features and security requirements of your system.
  2. Develop a verification API. The verification API must meet the following requirements. Table 1 and Table 2 describes the requirements for request parameters and response parameters.

    HTTP method: POST

    URL: http(s)://IP address:Port number/rest/cc-management/v1/thirdparty/thirdPartyValidate (which can be customized by the enterprise)

    HTTP is an insecure protocol, which may bring risks to the system. Therefore, it is not recommended. The secure HTTPS protocol is recommended. If the HTTPS protocol is used, you need to prepare a certificate in CER format to verify the validity of the HTTPS website.

    Table 1 Request body description

    Parameter

    Type

    Position

    Mandatory or Not

    Description

    access_token

    String

    Body

    Yes

    Verification information generated after an enterprise develops a token generation mechanism.

    tenantSpaceId

    String

    Body

    Yes

    Tenant space ID provided by the CEC. To obtain the tenant space ID, choose Configuration Center > System Management > Tenant Information.

    userAccount

    String

    Body

    Yes

    CEC sign-in account. The value comes from the accountCode parameter in Obtaining CEC Account Information.

    • Example
    {
        "access_token":"XXXXXXXXXXXXXXX",
        "tenantSpaceId":"XXXXXXXXXXXXXXX",
        "userAccount":"XXXXXXXXXXXXXXX"
     }
    Table 2 Response description

    Parameter

    Type

    Position

    Mandatory or Not

    Description

    retCode

    Integer

    Body

    Yes

    API result code. The value 0 indicates success, and other values indicate failure.

    message

    String

    Body

    Yes

    Result.

    • Example
    {
        "retCode":0,
        "message":"validate success"
    }

  3. Submit the URL and certificate file of the verification API to the CEC operations administrator. The operations administrator configures the URL and certificate file in the CEC.